~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/kernel/cred.c

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 // SPDX-License-Identifier: GPL-2.0-or-later
  2 /* Task credentials management - see Documentation/security/credentials.rst
  3  *
  4  * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
  5  * Written by David Howells (dhowells@redhat.com)
  6  */
  7 
  8 #define pr_fmt(fmt) "CRED: " fmt
  9 
 10 #include <linux/export.h>
 11 #include <linux/cred.h>
 12 #include <linux/slab.h>
 13 #include <linux/sched.h>
 14 #include <linux/sched/coredump.h>
 15 #include <linux/key.h>
 16 #include <linux/keyctl.h>
 17 #include <linux/init_task.h>
 18 #include <linux/security.h>
 19 #include <linux/binfmts.h>
 20 #include <linux/cn_proc.h>
 21 #include <linux/uidgid.h>
 22 
 23 #if 0
 24 #define kdebug(FMT, ...)                                                \
 25         printk("[%-5.5s%5u] " FMT "\n",                                 \
 26                current->comm, current->pid, ##__VA_ARGS__)
 27 #else
 28 #define kdebug(FMT, ...)                                                \
 29 do {                                                                    \
 30         if (0)                                                          \
 31                 no_printk("[%-5.5s%5u] " FMT "\n",                      \
 32                           current->comm, current->pid, ##__VA_ARGS__);  \
 33 } while (0)
 34 #endif
 35 
 36 static struct kmem_cache *cred_jar;
 37 
 38 /* init to 2 - one for init_task, one to ensure it is never freed */
 39 static struct group_info init_groups = { .usage = REFCOUNT_INIT(2) };
 40 
 41 /*
 42  * The initial credentials for the initial task
 43  */
 44 struct cred init_cred = {
 45         .usage                  = ATOMIC_INIT(4),
 46         .uid                    = GLOBAL_ROOT_UID,
 47         .gid                    = GLOBAL_ROOT_GID,
 48         .suid                   = GLOBAL_ROOT_UID,
 49         .sgid                   = GLOBAL_ROOT_GID,
 50         .euid                   = GLOBAL_ROOT_UID,
 51         .egid                   = GLOBAL_ROOT_GID,
 52         .fsuid                  = GLOBAL_ROOT_UID,
 53         .fsgid                  = GLOBAL_ROOT_GID,
 54         .securebits             = SECUREBITS_DEFAULT,
 55         .cap_inheritable        = CAP_EMPTY_SET,
 56         .cap_permitted          = CAP_FULL_SET,
 57         .cap_effective          = CAP_FULL_SET,
 58         .cap_bset               = CAP_FULL_SET,
 59         .user                   = INIT_USER,
 60         .user_ns                = &init_user_ns,
 61         .group_info             = &init_groups,
 62         .ucounts                = &init_ucounts,
 63 };
 64 
 65 /*
 66  * The RCU callback to actually dispose of a set of credentials
 67  */
 68 static void put_cred_rcu(struct rcu_head *rcu)
 69 {
 70         struct cred *cred = container_of(rcu, struct cred, rcu);
 71 
 72         kdebug("put_cred_rcu(%p)", cred);
 73 
 74         if (atomic_long_read(&cred->usage) != 0)
 75                 panic("CRED: put_cred_rcu() sees %p with usage %ld\n",
 76                       cred, atomic_long_read(&cred->usage));
 77 
 78         security_cred_free(cred);
 79         key_put(cred->session_keyring);
 80         key_put(cred->process_keyring);
 81         key_put(cred->thread_keyring);
 82         key_put(cred->request_key_auth);
 83         if (cred->group_info)
 84                 put_group_info(cred->group_info);
 85         free_uid(cred->user);
 86         if (cred->ucounts)
 87                 put_ucounts(cred->ucounts);
 88         put_user_ns(cred->user_ns);
 89         kmem_cache_free(cred_jar, cred);
 90 }
 91 
 92 /**
 93  * __put_cred - Destroy a set of credentials
 94  * @cred: The record to release
 95  *
 96  * Destroy a set of credentials on which no references remain.
 97  */
 98 void __put_cred(struct cred *cred)
 99 {
100         kdebug("__put_cred(%p{%ld})", cred,
101                atomic_long_read(&cred->usage));
102 
103         BUG_ON(atomic_long_read(&cred->usage) != 0);
104         BUG_ON(cred == current->cred);
105         BUG_ON(cred == current->real_cred);
106 
107         if (cred->non_rcu)
108                 put_cred_rcu(&cred->rcu);
109         else
110                 call_rcu(&cred->rcu, put_cred_rcu);
111 }
112 EXPORT_SYMBOL(__put_cred);
113 
114 /*
115  * Clean up a task's credentials when it exits
116  */
117 void exit_creds(struct task_struct *tsk)
118 {
119         struct cred *real_cred, *cred;
120 
121         kdebug("exit_creds(%u,%p,%p,{%ld})", tsk->pid, tsk->real_cred, tsk->cred,
122                atomic_long_read(&tsk->cred->usage));
123 
124         real_cred = (struct cred *) tsk->real_cred;
125         tsk->real_cred = NULL;
126 
127         cred = (struct cred *) tsk->cred;
128         tsk->cred = NULL;
129 
130         if (real_cred == cred) {
131                 put_cred_many(cred, 2);
132         } else {
133                 put_cred(real_cred);
134                 put_cred(cred);
135         }
136 
137 #ifdef CONFIG_KEYS_REQUEST_CACHE
138         key_put(tsk->cached_requested_key);
139         tsk->cached_requested_key = NULL;
140 #endif
141 }
142 
143 /**
144  * get_task_cred - Get another task's objective credentials
145  * @task: The task to query
146  *
147  * Get the objective credentials of a task, pinning them so that they can't go
148  * away.  Accessing a task's credentials directly is not permitted.
149  *
150  * The caller must also make sure task doesn't get deleted, either by holding a
151  * ref on task or by holding tasklist_lock to prevent it from being unlinked.
152  */
153 const struct cred *get_task_cred(struct task_struct *task)
154 {
155         const struct cred *cred;
156 
157         rcu_read_lock();
158 
159         do {
160                 cred = __task_cred((task));
161                 BUG_ON(!cred);
162         } while (!get_cred_rcu(cred));
163 
164         rcu_read_unlock();
165         return cred;
166 }
167 EXPORT_SYMBOL(get_task_cred);
168 
169 /*
170  * Allocate blank credentials, such that the credentials can be filled in at a
171  * later date without risk of ENOMEM.
172  */
173 struct cred *cred_alloc_blank(void)
174 {
175         struct cred *new;
176 
177         new = kmem_cache_zalloc(cred_jar, GFP_KERNEL);
178         if (!new)
179                 return NULL;
180 
181         atomic_long_set(&new->usage, 1);
182         if (security_cred_alloc_blank(new, GFP_KERNEL_ACCOUNT) < 0)
183                 goto error;
184 
185         return new;
186 
187 error:
188         abort_creds(new);
189         return NULL;
190 }
191 
192 /**
193  * prepare_creds - Prepare a new set of credentials for modification
194  *
195  * Prepare a new set of task credentials for modification.  A task's creds
196  * shouldn't generally be modified directly, therefore this function is used to
197  * prepare a new copy, which the caller then modifies and then commits by
198  * calling commit_creds().
199  *
200  * Preparation involves making a copy of the objective creds for modification.
201  *
202  * Returns a pointer to the new creds-to-be if successful, NULL otherwise.
203  *
204  * Call commit_creds() or abort_creds() to clean up.
205  */
206 struct cred *prepare_creds(void)
207 {
208         struct task_struct *task = current;
209         const struct cred *old;
210         struct cred *new;
211 
212         new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
213         if (!new)
214                 return NULL;
215 
216         kdebug("prepare_creds() alloc %p", new);
217 
218         old = task->cred;
219         memcpy(new, old, sizeof(struct cred));
220 
221         new->non_rcu = 0;
222         atomic_long_set(&new->usage, 1);
223         get_group_info(new->group_info);
224         get_uid(new->user);
225         get_user_ns(new->user_ns);
226 
227 #ifdef CONFIG_KEYS
228         key_get(new->session_keyring);
229         key_get(new->process_keyring);
230         key_get(new->thread_keyring);
231         key_get(new->request_key_auth);
232 #endif
233 
234 #ifdef CONFIG_SECURITY
235         new->security = NULL;
236 #endif
237 
238         new->ucounts = get_ucounts(new->ucounts);
239         if (!new->ucounts)
240                 goto error;
241 
242         if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0)
243                 goto error;
244 
245         return new;
246 
247 error:
248         abort_creds(new);
249         return NULL;
250 }
251 EXPORT_SYMBOL(prepare_creds);
252 
253 /*
254  * Prepare credentials for current to perform an execve()
255  * - The caller must hold ->cred_guard_mutex
256  */
257 struct cred *prepare_exec_creds(void)
258 {
259         struct cred *new;
260 
261         new = prepare_creds();
262         if (!new)
263                 return new;
264 
265 #ifdef CONFIG_KEYS
266         /* newly exec'd tasks don't get a thread keyring */
267         key_put(new->thread_keyring);
268         new->thread_keyring = NULL;
269 
270         /* inherit the session keyring; new process keyring */
271         key_put(new->process_keyring);
272         new->process_keyring = NULL;
273 #endif
274 
275         new->suid = new->fsuid = new->euid;
276         new->sgid = new->fsgid = new->egid;
277 
278         return new;
279 }
280 
281 /*
282  * Copy credentials for the new process created by fork()
283  *
284  * We share if we can, but under some circumstances we have to generate a new
285  * set.
286  *
287  * The new process gets the current process's subjective credentials as its
288  * objective and subjective credentials
289  */
290 int copy_creds(struct task_struct *p, unsigned long clone_flags)
291 {
292         struct cred *new;
293         int ret;
294 
295 #ifdef CONFIG_KEYS_REQUEST_CACHE
296         p->cached_requested_key = NULL;
297 #endif
298 
299         if (
300 #ifdef CONFIG_KEYS
301                 !p->cred->thread_keyring &&
302 #endif
303                 clone_flags & CLONE_THREAD
304             ) {
305                 p->real_cred = get_cred_many(p->cred, 2);
306                 kdebug("share_creds(%p{%ld})",
307                        p->cred, atomic_long_read(&p->cred->usage));
308                 inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
309                 return 0;
310         }
311 
312         new = prepare_creds();
313         if (!new)
314                 return -ENOMEM;
315 
316         if (clone_flags & CLONE_NEWUSER) {
317                 ret = create_user_ns(new);
318                 if (ret < 0)
319                         goto error_put;
320                 ret = set_cred_ucounts(new);
321                 if (ret < 0)
322                         goto error_put;
323         }
324 
325 #ifdef CONFIG_KEYS
326         /* new threads get their own thread keyrings if their parent already
327          * had one */
328         if (new->thread_keyring) {
329                 key_put(new->thread_keyring);
330                 new->thread_keyring = NULL;
331                 if (clone_flags & CLONE_THREAD)
332                         install_thread_keyring_to_cred(new);
333         }
334 
335         /* The process keyring is only shared between the threads in a process;
336          * anything outside of those threads doesn't inherit.
337          */
338         if (!(clone_flags & CLONE_THREAD)) {
339                 key_put(new->process_keyring);
340                 new->process_keyring = NULL;
341         }
342 #endif
343 
344         p->cred = p->real_cred = get_cred(new);
345         inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
346         return 0;
347 
348 error_put:
349         put_cred(new);
350         return ret;
351 }
352 
353 static bool cred_cap_issubset(const struct cred *set, const struct cred *subset)
354 {
355         const struct user_namespace *set_ns = set->user_ns;
356         const struct user_namespace *subset_ns = subset->user_ns;
357 
358         /* If the two credentials are in the same user namespace see if
359          * the capabilities of subset are a subset of set.
360          */
361         if (set_ns == subset_ns)
362                 return cap_issubset(subset->cap_permitted, set->cap_permitted);
363 
364         /* The credentials are in a different user namespaces
365          * therefore one is a subset of the other only if a set is an
366          * ancestor of subset and set->euid is owner of subset or one
367          * of subsets ancestors.
368          */
369         for (;subset_ns != &init_user_ns; subset_ns = subset_ns->parent) {
370                 if ((set_ns == subset_ns->parent)  &&
371                     uid_eq(subset_ns->owner, set->euid))
372                         return true;
373         }
374 
375         return false;
376 }
377 
378 /**
379  * commit_creds - Install new credentials upon the current task
380  * @new: The credentials to be assigned
381  *
382  * Install a new set of credentials to the current task, using RCU to replace
383  * the old set.  Both the objective and the subjective credentials pointers are
384  * updated.  This function may not be called if the subjective credentials are
385  * in an overridden state.
386  *
387  * This function eats the caller's reference to the new credentials.
388  *
389  * Always returns 0 thus allowing this function to be tail-called at the end
390  * of, say, sys_setgid().
391  */
392 int commit_creds(struct cred *new)
393 {
394         struct task_struct *task = current;
395         const struct cred *old = task->real_cred;
396 
397         kdebug("commit_creds(%p{%ld})", new,
398                atomic_long_read(&new->usage));
399 
400         BUG_ON(task->cred != old);
401         BUG_ON(atomic_long_read(&new->usage) < 1);
402 
403         get_cred(new); /* we will require a ref for the subj creds too */
404 
405         /* dumpability changes */
406         if (!uid_eq(old->euid, new->euid) ||
407             !gid_eq(old->egid, new->egid) ||
408             !uid_eq(old->fsuid, new->fsuid) ||
409             !gid_eq(old->fsgid, new->fsgid) ||
410             !cred_cap_issubset(old, new)) {
411                 if (task->mm)
412                         set_dumpable(task->mm, suid_dumpable);
413                 task->pdeath_signal = 0;
414                 /*
415                  * If a task drops privileges and becomes nondumpable,
416                  * the dumpability change must become visible before
417                  * the credential change; otherwise, a __ptrace_may_access()
418                  * racing with this change may be able to attach to a task it
419                  * shouldn't be able to attach to (as if the task had dropped
420                  * privileges without becoming nondumpable).
421                  * Pairs with a read barrier in __ptrace_may_access().
422                  */
423                 smp_wmb();
424         }
425 
426         /* alter the thread keyring */
427         if (!uid_eq(new->fsuid, old->fsuid))
428                 key_fsuid_changed(new);
429         if (!gid_eq(new->fsgid, old->fsgid))
430                 key_fsgid_changed(new);
431 
432         /* do it
433          * RLIMIT_NPROC limits on user->processes have already been checked
434          * in set_user().
435          */
436         if (new->user != old->user || new->user_ns != old->user_ns)
437                 inc_rlimit_ucounts(new->ucounts, UCOUNT_RLIMIT_NPROC, 1);
438         rcu_assign_pointer(task->real_cred, new);
439         rcu_assign_pointer(task->cred, new);
440         if (new->user != old->user || new->user_ns != old->user_ns)
441                 dec_rlimit_ucounts(old->ucounts, UCOUNT_RLIMIT_NPROC, 1);
442 
443         /* send notifications */
444         if (!uid_eq(new->uid,   old->uid)  ||
445             !uid_eq(new->euid,  old->euid) ||
446             !uid_eq(new->suid,  old->suid) ||
447             !uid_eq(new->fsuid, old->fsuid))
448                 proc_id_connector(task, PROC_EVENT_UID);
449 
450         if (!gid_eq(new->gid,   old->gid)  ||
451             !gid_eq(new->egid,  old->egid) ||
452             !gid_eq(new->sgid,  old->sgid) ||
453             !gid_eq(new->fsgid, old->fsgid))
454                 proc_id_connector(task, PROC_EVENT_GID);
455 
456         /* release the old obj and subj refs both */
457         put_cred_many(old, 2);
458         return 0;
459 }
460 EXPORT_SYMBOL(commit_creds);
461 
462 /**
463  * abort_creds - Discard a set of credentials and unlock the current task
464  * @new: The credentials that were going to be applied
465  *
466  * Discard a set of credentials that were under construction and unlock the
467  * current task.
468  */
469 void abort_creds(struct cred *new)
470 {
471         kdebug("abort_creds(%p{%ld})", new,
472                atomic_long_read(&new->usage));
473 
474         BUG_ON(atomic_long_read(&new->usage) < 1);
475         put_cred(new);
476 }
477 EXPORT_SYMBOL(abort_creds);
478 
479 /**
480  * override_creds - Override the current process's subjective credentials
481  * @new: The credentials to be assigned
482  *
483  * Install a set of temporary override subjective credentials on the current
484  * process, returning the old set for later reversion.
485  */
486 const struct cred *override_creds(const struct cred *new)
487 {
488         const struct cred *old = current->cred;
489 
490         kdebug("override_creds(%p{%ld})", new,
491                atomic_long_read(&new->usage));
492 
493         /*
494          * NOTE! This uses 'get_new_cred()' rather than 'get_cred()'.
495          *
496          * That means that we do not clear the 'non_rcu' flag, since
497          * we are only installing the cred into the thread-synchronous
498          * '->cred' pointer, not the '->real_cred' pointer that is
499          * visible to other threads under RCU.
500          */
501         get_new_cred((struct cred *)new);
502         rcu_assign_pointer(current->cred, new);
503 
504         kdebug("override_creds() = %p{%ld}", old,
505                atomic_long_read(&old->usage));
506         return old;
507 }
508 EXPORT_SYMBOL(override_creds);
509 
510 /**
511  * revert_creds - Revert a temporary subjective credentials override
512  * @old: The credentials to be restored
513  *
514  * Revert a temporary set of override subjective credentials to an old set,
515  * discarding the override set.
516  */
517 void revert_creds(const struct cred *old)
518 {
519         const struct cred *override = current->cred;
520 
521         kdebug("revert_creds(%p{%ld})", old,
522                atomic_long_read(&old->usage));
523 
524         rcu_assign_pointer(current->cred, old);
525         put_cred(override);
526 }
527 EXPORT_SYMBOL(revert_creds);
528 
529 /**
530  * cred_fscmp - Compare two credentials with respect to filesystem access.
531  * @a: The first credential
532  * @b: The second credential
533  *
534  * cred_cmp() will return zero if both credentials have the same
535  * fsuid, fsgid, and supplementary groups.  That is, if they will both
536  * provide the same access to files based on mode/uid/gid.
537  * If the credentials are different, then either -1 or 1 will
538  * be returned depending on whether @a comes before or after @b
539  * respectively in an arbitrary, but stable, ordering of credentials.
540  *
541  * Return: -1, 0, or 1 depending on comparison
542  */
543 int cred_fscmp(const struct cred *a, const struct cred *b)
544 {
545         struct group_info *ga, *gb;
546         int g;
547 
548         if (a == b)
549                 return 0;
550         if (uid_lt(a->fsuid, b->fsuid))
551                 return -1;
552         if (uid_gt(a->fsuid, b->fsuid))
553                 return 1;
554 
555         if (gid_lt(a->fsgid, b->fsgid))
556                 return -1;
557         if (gid_gt(a->fsgid, b->fsgid))
558                 return 1;
559 
560         ga = a->group_info;
561         gb = b->group_info;
562         if (ga == gb)
563                 return 0;
564         if (ga == NULL)
565                 return -1;
566         if (gb == NULL)
567                 return 1;
568         if (ga->ngroups < gb->ngroups)
569                 return -1;
570         if (ga->ngroups > gb->ngroups)
571                 return 1;
572 
573         for (g = 0; g < ga->ngroups; g++) {
574                 if (gid_lt(ga->gid[g], gb->gid[g]))
575                         return -1;
576                 if (gid_gt(ga->gid[g], gb->gid[g]))
577                         return 1;
578         }
579         return 0;
580 }
581 EXPORT_SYMBOL(cred_fscmp);
582 
583 int set_cred_ucounts(struct cred *new)
584 {
585         struct ucounts *new_ucounts, *old_ucounts = new->ucounts;
586 
587         /*
588          * This optimization is needed because alloc_ucounts() uses locks
589          * for table lookups.
590          */
591         if (old_ucounts->ns == new->user_ns && uid_eq(old_ucounts->uid, new->uid))
592                 return 0;
593 
594         if (!(new_ucounts = alloc_ucounts(new->user_ns, new->uid)))
595                 return -EAGAIN;
596 
597         new->ucounts = new_ucounts;
598         put_ucounts(old_ucounts);
599 
600         return 0;
601 }
602 
603 /*
604  * initialise the credentials stuff
605  */
606 void __init cred_init(void)
607 {
608         /* allocate a slab in which we can store credentials */
609         cred_jar = KMEM_CACHE(cred,
610                               SLAB_HWCACHE_ALIGN | SLAB_PANIC | SLAB_ACCOUNT);
611 }
612 
613 /**
614  * prepare_kernel_cred - Prepare a set of credentials for a kernel service
615  * @daemon: A userspace daemon to be used as a reference
616  *
617  * Prepare a set of credentials for a kernel service.  This can then be used to
618  * override a task's own credentials so that work can be done on behalf of that
619  * task that requires a different subjective context.
620  *
621  * @daemon is used to provide a base cred, with the security data derived from
622  * that; if this is "&init_task", they'll be set to 0, no groups, full
623  * capabilities, and no keys.
624  *
625  * The caller may change these controls afterwards if desired.
626  *
627  * Returns the new credentials or NULL if out of memory.
628  */
629 struct cred *prepare_kernel_cred(struct task_struct *daemon)
630 {
631         const struct cred *old;
632         struct cred *new;
633 
634         if (WARN_ON_ONCE(!daemon))
635                 return NULL;
636 
637         new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
638         if (!new)
639                 return NULL;
640 
641         kdebug("prepare_kernel_cred() alloc %p", new);
642 
643         old = get_task_cred(daemon);
644 
645         *new = *old;
646         new->non_rcu = 0;
647         atomic_long_set(&new->usage, 1);
648         get_uid(new->user);
649         get_user_ns(new->user_ns);
650         get_group_info(new->group_info);
651 
652 #ifdef CONFIG_KEYS
653         new->session_keyring = NULL;
654         new->process_keyring = NULL;
655         new->thread_keyring = NULL;
656         new->request_key_auth = NULL;
657         new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
658 #endif
659 
660 #ifdef CONFIG_SECURITY
661         new->security = NULL;
662 #endif
663         new->ucounts = get_ucounts(new->ucounts);
664         if (!new->ucounts)
665                 goto error;
666 
667         if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0)
668                 goto error;
669 
670         put_cred(old);
671         return new;
672 
673 error:
674         put_cred(new);
675         put_cred(old);
676         return NULL;
677 }
678 EXPORT_SYMBOL(prepare_kernel_cred);
679 
680 /**
681  * set_security_override - Set the security ID in a set of credentials
682  * @new: The credentials to alter
683  * @secid: The LSM security ID to set
684  *
685  * Set the LSM security ID in a set of credentials so that the subjective
686  * security is overridden when an alternative set of credentials is used.
687  */
688 int set_security_override(struct cred *new, u32 secid)
689 {
690         return security_kernel_act_as(new, secid);
691 }
692 EXPORT_SYMBOL(set_security_override);
693 
694 /**
695  * set_security_override_from_ctx - Set the security ID in a set of credentials
696  * @new: The credentials to alter
697  * @secctx: The LSM security context to generate the security ID from.
698  *
699  * Set the LSM security ID in a set of credentials so that the subjective
700  * security is overridden when an alternative set of credentials is used.  The
701  * security ID is specified in string form as a security context to be
702  * interpreted by the LSM.
703  */
704 int set_security_override_from_ctx(struct cred *new, const char *secctx)
705 {
706         u32 secid;
707         int ret;
708 
709         ret = security_secctx_to_secid(secctx, strlen(secctx), &secid);
710         if (ret < 0)
711                 return ret;
712 
713         return set_security_override(new, secid);
714 }
715 EXPORT_SYMBOL(set_security_override_from_ctx);
716 
717 /**
718  * set_create_files_as - Set the LSM file create context in a set of credentials
719  * @new: The credentials to alter
720  * @inode: The inode to take the context from
721  *
722  * Change the LSM file creation context in a set of credentials to be the same
723  * as the object context of the specified inode, so that the new inodes have
724  * the same MAC context as that inode.
725  */
726 int set_create_files_as(struct cred *new, struct inode *inode)
727 {
728         if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
729                 return -EINVAL;
730         new->fsuid = inode->i_uid;
731         new->fsgid = inode->i_gid;
732         return security_kernel_create_files_as(new, inode);
733 }
734 EXPORT_SYMBOL(set_create_files_as);
735 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php