diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/Kconfig | 16 | ||||
| -rw-r--r-- | security/capability.c | 30 | ||||
| -rw-r--r-- | security/commoncap.c | 260 | ||||
| -rw-r--r-- | security/dummy.c | 25 | ||||
| -rw-r--r-- | security/inode.c | 8 | ||||
| -rw-r--r-- | security/keys/internal.h | 35 | ||||
| -rw-r--r-- | security/keys/key.c | 34 | ||||
| -rw-r--r-- | security/keys/process_keys.c | 16 | ||||
| -rw-r--r-- | security/keys/request_key.c | 556 | ||||
| -rw-r--r-- | security/keys/request_key_auth.c | 11 | ||||
| -rw-r--r-- | security/root_plug.c | 31 | ||||
| -rw-r--r-- | security/security.c | 1012 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 96 | ||||
| -rw-r--r-- | security/selinux/xfrm.c | 1 |
14 files changed, 1596 insertions, 535 deletions
diff --git a/security/Kconfig b/security/Kconfig index 460e5c9cf49..8086e61058e 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -74,15 +74,25 @@ config SECURITY_NETWORK_XFRM If you are unsure how to answer this question, answer N. config SECURITY_CAPABILITIES - tristate "Default Linux Capabilities" + bool "Default Linux Capabilities" depends on SECURITY help This enables the "default" Linux capabilities functionality. If you are unsure how to answer this question, answer Y. +config SECURITY_FILE_CAPABILITIES + bool "File POSIX Capabilities (EXPERIMENTAL)" + depends on (SECURITY=n || SECURITY_CAPABILITIES!=n) && EXPERIMENTAL + default n + help + This enables filesystem capabilities, allowing you to give + binaries a subset of root's powers without using setuid 0. + + If in doubt, answer N. + config SECURITY_ROOTPLUG - tristate "Root Plug Support" - depends on USB && SECURITY + bool "Root Plug Support" + depends on USB=y && SECURITY help This is a sample LSM module that should only be used as such. It prevents any programs running with egid == 0 if a specific diff --git a/security/capability.c b/security/capability.c index 38296a00546..9e99f36a8b5 100644 --- a/security/capability.c +++ b/security/capability.c @@ -8,7 +8,6 @@ * */ -#include <linux/module.h> #include <linux/init.h> #include <linux/kernel.h> #include <linux/security.h> @@ -38,7 +37,13 @@ static struct security_operations capability_ops = { .inode_setxattr = cap_inode_setxattr, .inode_removexattr = cap_inode_removexattr, + .inode_need_killpriv = cap_inode_need_killpriv, + .inode_killpriv = cap_inode_killpriv, + .task_kill = cap_task_kill, + .task_setscheduler = cap_task_setscheduler, + .task_setioprio = cap_task_setioprio, + .task_setnice = cap_task_setnice, .task_post_setuid = cap_task_post_setuid, .task_reparent_to_init = cap_task_reparent_to_init, @@ -52,7 +57,6 @@ static int secondary; static int capability_disable; module_param_named(disable, capability_disable, int, 0); -MODULE_PARM_DESC(disable, "To disable capabilities module set disable = 1"); static int __init capability_init (void) { @@ -75,26 +79,4 @@ static int __init capability_init (void) return 0; } -static void __exit capability_exit (void) -{ - if (capability_disable) - return; - /* remove ourselves from the security framework */ - if (secondary) { - if (mod_unreg_security (KBUILD_MODNAME, &capability_ops)) - printk (KERN_INFO "Failure unregistering capabilities " - "with primary module.\n"); - return; - } - - if (unregister_security (&capability_ops)) { - printk (KERN_INFO - "Failure unregistering capabilities with the kernel\n"); - } -} - security_initcall (capability_init); -module_exit (capability_exit); - -MODULE_DESCRIPTION("Standard Linux Capabilities Security Module"); -MODULE_LICENSE("GPL"); diff --git a/security/commoncap.c b/security/commoncap.c index 7520361663e..778cb0cfc5d 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -22,6 +22,7 @@ #include <linux/ptrace.h> #include <linux/xattr.h> #include <linux/hugetlb.h> +#include <linux/mount.h> int cap_netlink_send(struct sock *sk, struct sk_buff *skb) { @@ -29,8 +30,6 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb) return 0; } -EXPORT_SYMBOL(cap_netlink_send); - int cap_netlink_recv(struct sk_buff *skb, int cap) { if (!cap_raised(NETLINK_CB(skb).eff_cap, cap)) @@ -108,14 +107,130 @@ void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, target->cap_permitted = *permitted; } +static inline void bprm_clear_caps(struct linux_binprm *bprm) +{ + cap_clear(bprm->cap_inheritable); + cap_clear(bprm->cap_permitted); + bprm->cap_effective = false; +} + +#ifdef CONFIG_SECURITY_FILE_CAPABILITIES + +int cap_inode_need_killpriv(struct dentry *dentry) +{ + struct inode *inode = dentry->d_inode; + int error; + + if (!inode->i_op || !inode->i_op->getxattr) + return 0; + + error = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, NULL, 0); + if (error <= 0) + return 0; + return 1; +} + +int cap_inode_killpriv(struct dentry *dentry) +{ + struct inode *inode = dentry->d_inode; + + if (!inode->i_op || !inode->i_op->removexattr) + return 0; + + return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS); +} + +static inline int cap_from_disk(__le32 *caps, struct linux_binprm *bprm, + int size) +{ + __u32 magic_etc; + + if (size != XATTR_CAPS_SZ) + return -EINVAL; + + magic_etc = le32_to_cpu(caps[0]); + + switch ((magic_etc & VFS_CAP_REVISION_MASK)) { + case VFS_CAP_REVISION: + if (magic_etc & VFS_CAP_FLAGS_EFFECTIVE) + bprm->cap_effective = true; + else + bprm->cap_effective = false; + bprm->cap_permitted = to_cap_t( le32_to_cpu(caps[1]) ); + bprm->cap_inheritable = to_cap_t( le32_to_cpu(caps[2]) ); + return 0; + default: + return -EINVAL; + } +} + +/* Locate any VFS capabilities: */ +static int get_file_caps(struct linux_binprm *bprm) +{ + struct dentry *dentry; + int rc = 0; + __le32 v1caps[XATTR_CAPS_SZ]; + struct inode *inode; + + if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) { + bprm_clear_caps(bprm); + return 0; + } + + dentry = dget(bprm->file->f_dentry); + inode = dentry->d_inode; + if (!inode->i_op || !inode->i_op->getxattr) + goto out; + + rc = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, &v1caps, + XATTR_CAPS_SZ); + if (rc == -ENODATA || rc == -EOPNOTSUPP) { + /* no data, that's ok */ + rc = 0; + goto out; + } + if (rc < 0) + goto out; + + rc = cap_from_disk(v1caps, bprm, rc); + if (rc) + printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", + __FUNCTION__, rc, bprm->filename); + +out: + dput(dentry); + if (rc) + bprm_clear_caps(bprm); + + return rc; +} + +#else +int cap_inode_need_killpriv(struct dentry *dentry) +{ + return 0; +} + +int cap_inode_killpriv(struct dentry *dentry) +{ + return 0; +} + +static inline int get_file_caps(struct linux_binprm *bprm) +{ + bprm_clear_caps(bprm); + return 0; +} +#endif + int cap_bprm_set_security (struct linux_binprm *bprm) { - /* Copied from fs/exec.c:prepare_binprm. */ + int ret; - /* We don't have VFS support for capabilities yet */ - cap_clear (bprm->cap_inheritable); - cap_clear (bprm->cap_permitted); - cap_clear (bprm->cap_effective); + ret = get_file_caps(bprm); + if (ret) + printk(KERN_NOTICE "%s: get_file_caps returned %d for %s\n", + __FUNCTION__, ret, bprm->filename); /* To support inheritance of root-permissions and suid-root * executables under compatibility mode, we raise all three @@ -131,9 +246,10 @@ int cap_bprm_set_security (struct linux_binprm *bprm) cap_set_full (bprm->cap_permitted); } if (bprm->e_uid == 0) - cap_set_full (bprm->cap_effective); + bprm->cap_effective = true; } - return 0; + + return ret; } void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) @@ -149,6 +265,7 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) if (bprm->e_uid != current->uid || bprm->e_gid != current->gid || !cap_issubset (new_permitted, current->cap_permitted)) { set_dumpable(current->mm, suid_dumpable); + current->pdeath_signal = 0; if (unsafe & ~LSM_UNSAFE_PTRACE_CAP) { if (!capable(CAP_SETUID)) { @@ -170,8 +287,8 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) * capability rules */ if (!is_init(current)) { current->cap_permitted = new_permitted; - current->cap_effective = - cap_intersect (new_permitted, bprm->cap_effective); + current->cap_effective = bprm->cap_effective ? + new_permitted : 0; } /* AUD: Audit candidate if current->cap_effective is set */ @@ -181,11 +298,15 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) int cap_bprm_secureexec (struct linux_binprm *bprm) { - /* If/when this module is enhanced to incorporate capability - bits on files, the test below should be extended to also perform a - test between the old and new capability sets. For now, - it simply preserves the legacy decision algorithm used by - the old userland. */ + if (current->uid != 0) { + if (bprm->cap_effective) + return 1; + if (!cap_isclear(bprm->cap_permitted)) + return 1; + if (!cap_isclear(bprm->cap_inheritable)) + return 1; + } + return (current->euid != current->uid || current->egid != current->gid); } @@ -193,7 +314,11 @@ int cap_bprm_secureexec (struct linux_binprm *bprm) int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags) { - if (!strncmp(name, XATTR_SECURITY_PREFIX, + if (!strcmp(name, XATTR_NAME_CAPS)) { + if (!capable(CAP_SETFCAP)) + return -EPERM; + return 0; + } else if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && !capable(CAP_SYS_ADMIN)) return -EPERM; @@ -202,7 +327,11 @@ int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, int cap_inode_removexattr(struct dentry *dentry, char *name) { - if (!strncmp(name, XATTR_SECURITY_PREFIX, + if (!strcmp(name, XATTR_NAME_CAPS)) { + if (!capable(CAP_SETFCAP)) + return -EPERM; + return 0; + } else if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && !capable(CAP_SYS_ADMIN)) return -EPERM; @@ -299,6 +428,83 @@ int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, return 0; } +#ifdef CONFIG_SECURITY_FILE_CAPABILITIES +/* + * Rationale: code calling task_setscheduler, task_setioprio, and + * task_setnice, assumes that + * . if capable(cap_sys_nice), then those actions should be allowed + * . if not capable(cap_sys_nice), but acting on your own processes, + * then those actions should be allowed + * This is insufficient now since you can call code without suid, but + * yet with increased caps. + * So we check for increased caps on the target process. + */ +static inline int cap_safe_nice(struct task_struct *p) +{ + if (!cap_issubset(p->cap_permitted, current->cap_permitted) && + !__capable(current, CAP_SYS_NICE)) + return -EPERM; + return 0; +} + +int cap_task_setscheduler (struct task_struct *p, int policy, + struct sched_param *lp) +{ + return cap_safe_nice(p); +} + +int cap_task_setioprio (struct task_struct *p, int ioprio) +{ + return cap_safe_nice(p); +} + +int cap_task_setnice (struct task_struct *p, int nice) +{ + return cap_safe_nice(p); +} + +int cap_task_kill(struct task_struct *p, struct siginfo *info, + int sig, u32 secid) +{ + if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info))) + return 0; + + if (secid) + /* + * Signal sent as a particular user. + * Capabilities are ignored. May be wrong, but it's the + * only thing we can do at the moment. + * Used only by usb drivers? + */ + return 0; + if (cap_issubset(p->cap_permitted, current->cap_permitted)) + return 0; + if (capable(CAP_KILL)) + return 0; + + return -EPERM; +} +#else +int cap_task_setscheduler (struct task_struct *p, int policy, + struct sched_param *lp) +{ + return 0; +} +int cap_task_setioprio (struct task_struct *p, int ioprio) +{ + return 0; +} +int cap_task_setnice (struct task_struct *p, int nice) +{ + return 0; +} +int cap_task_kill(struct task_struct *p, struct siginfo *info, + int sig, u32 secid) +{ + return 0; +} +#endif + void cap_task_reparent_to_init (struct task_struct *p) { p->cap_effective = CAP_INIT_EFF_SET; @@ -324,21 +530,3 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages) return __vm_enough_memory(mm, pages, cap_sys_admin); } -EXPORT_SYMBOL(cap_capable); -EXPORT_SYMBOL(cap_settime); -EXPORT_SYMBOL(cap_ptrace); -EXPORT_SYMBOL(cap_capget); -EXPORT_SYMBOL(cap_capset_check); -EXPORT_SYMBOL(cap_capset_set); -EXPORT_SYMBOL(cap_bprm_set_security); -EXPORT_SYMBOL(cap_bprm_apply_creds); -EXPORT_SYMBOL(cap_bprm_secureexec); -EXPORT_SYMBOL(cap_inode_setxattr); -EXPORT_SYMBOL(cap_inode_removexattr); -EXPORT_SYMBOL(cap_task_post_setuid); -EXPORT_SYMBOL(cap_task_reparent_to_init); -EXPORT_SYMBOL(cap_syslog); -EXPORT_SYMBOL(cap_vm_enough_memory); - -MODULE_DESCRIPTION("Standard Linux Common Capabilities Security Module"); -MODULE_LICENSE("GPL"); diff --git a/security/dummy.c b/security/dummy.c index 64b647a0d9a..bc43d4c7383 100644 --- a/security/dummy.c +++ b/security/dummy.c @@ -15,7 +15,6 @@ #undef DEBUG #include <linux/capability.h> -#include <linux/module.h> #include <linux/kernel.h> #include <linux/mman.h> #include <linux/pagemap.h> @@ -377,6 +376,16 @@ static int dummy_inode_removexattr (struct dentry *dentry, char *name) return 0; } +static int dummy_inode_need_killpriv(struct dentry *dentry) +{ + return 0; +} + +static int dummy_inode_killpriv(struct dentry *dentry) +{ + return 0; +} + static int dummy_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) { return -EOPNOTSUPP; @@ -392,11 +401,6 @@ static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t bu return 0; } -static const char *dummy_inode_xattr_getsuffix(void) -{ - return NULL; -} - static int dummy_file_permission (struct file *file, int mask) { return 0; @@ -906,11 +910,6 @@ static int dummy_register_security (const char *name, struct security_operations return -EINVAL; } -static int dummy_unregister_security (const char *name, struct security_operations *ops) -{ - return -EINVAL; -} - static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode) { return; @@ -1023,7 +1022,8 @@ void security_fixup_ops (struct security_operations *ops) set_to_dummy_if_null(ops, inode_getxattr); set_to_dummy_if_null(ops, inode_listxattr); set_to_dummy_if_null(ops, inode_removexattr); - set_to_dummy_if_null(ops, inode_xattr_getsuffix); + set_to_dummy_if_null(ops, inode_need_killpriv); + set_to_dummy_if_null(ops, inode_killpriv); set_to_dummy_if_null(ops, inode_getsecurity); set_to_dummy_if_null(ops, inode_setsecurity); set_to_dummy_if_null(ops, inode_listsecurity); @@ -1084,7 +1084,6 @@ void security_fixup_ops (struct security_operations *ops) set_to_dummy_if_null(ops, netlink_send); set_to_dummy_if_null(ops, netlink_recv); set_to_dummy_if_null(ops, register_security); - set_to_dummy_if_null(ops, unregister_security); set_to_dummy_if_null(ops, d_instantiate); set_to_dummy_if_null(ops, getprocattr); set_to_dummy_if_null(ops, setprocattr); diff --git a/security/inode.c b/security/inode.c index 307211ac734..b28a8acae34 100644 --- a/security/inode.c +++ b/security/inode.c @@ -332,14 +332,6 @@ static int __init securityfs_init(void) return retval; } -static void __exit securityfs_exit(void) -{ - simple_release_fs(&mount, &mount_count); - unregister_filesystem(&fs_type); - subsystem_unregister(&security_subsys); -} - core_initcall(securityfs_init); -module_exit(securityfs_exit); MODULE_LICENSE("GPL"); diff --git a/security/keys/internal.h b/security/keys/internal.h index 1bb416f4bbc..d36d6939335 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -1,6 +1,6 @@ /* internal.h: authentication token and access key management internal defs * - * Copyright (C) 2003-5 Red Hat, Inc. All Rights Reserved. + * Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) * * This program is free software; you can redistribute it and/or @@ -12,17 +12,28 @@ #ifndef _INTERNAL_H #define _INTERNAL_H -#include <linux/key.h> +#include <linux/key-type.h> #include <linux/key-ui.h> -#if 0 -#define kenter(FMT, a...) printk("==> %s("FMT")\n",__FUNCTION__ , ## a) -#define kleave(FMT, a...) printk("<== %s()"FMT"\n",__FUNCTION__ , ## a) -#define kdebug(FMT, a...) printk(FMT"\n" , ## a) +static inline __attribute__((format(printf, 1, 2))) +void no_printk(const char *fmt, ...) +{ +} + +#ifdef __KDEBUG +#define kenter(FMT, ...) \ + printk(KERN_DEBUG "==> %s("FMT")\n", __FUNCTION__, ##__VA_ARGS__) +#define kleave(FMT, ...) \ + printk(KERN_DEBUG "<== %s()"FMT"\n", __FUNCTION__, ##__VA_ARGS__) +#define kdebug(FMT, ...) \ + printk(KERN_DEBUG "xxx" FMT"yyy\n", ##__VA_ARGS__) #else -#define kenter(FMT, a...) do {} while(0) -#define kleave(FMT, a...) do {} while(0) -#define kdebug(FMT, a...) do {} while(0) +#define kenter(FMT, ...) \ + no_printk(KERN_DEBUG "==> %s("FMT")\n", __FUNCTION__, ##__VA_ARGS__) +#define kleave(FMT, ...) \ + no_printk(KERN_DEBUG "<== %s()"FMT"\n", __FUNCTION__, ##__VA_ARGS__) +#define kdebug(FMT, ...) \ + no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__) #endif extern struct key_type key_type_user; @@ -36,7 +47,7 @@ extern struct key_type key_type_user; */ struct key_user { struct rb_node node; - struct list_head consq; /* construction queue */ + struct mutex cons_lock; /* construction initiation lock */ spinlock_t lock; atomic_t usage; /* for accessing qnkeys & qnbytes */ atomic_t nkeys; /* number of keys */ @@ -62,7 +73,7 @@ extern void key_user_put(struct key_user *user); extern struct rb_root key_serial_tree; extern spinlock_t key_serial_lock; extern struct semaphore key_alloc_sem; -extern struct rw_semaphore key_construction_sem; +extern struct mutex key_construction_mutex; extern wait_queue_head_t request_key_conswq; @@ -109,7 +120,7 @@ extern struct key *request_key_and_link(struct key_type *type, struct request_key_auth { struct key *target_key; struct task_struct *context; - const char *callout_info; + char *callout_info; pid_t pid; }; diff --git a/security/keys/key.c b/security/keys/key.c index 01bbc6d9d19..fdd5ca6d89f 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -1,6 +1,6 @@ -/* key.c: basic authentication token and access key management +/* Basic authentication token and access key management * - * Copyright (C) 2004-6 Red Hat, Inc. All Rights Reserved. + * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) * * This program is free software; you can redistribute it and/or @@ -34,7 +34,7 @@ static void key_cleanup(struct work_struct *work); static DECLARE_WORK(key_cleanup_task, key_cleanup); /* we serialise key instantiation and link */ -DECLARE_RWSEM(key_construction_sem); +DEFINE_MUTEX(key_construction_mutex); /* any key who's type gets unegistered will be re-typed to this */ static struct key_type key_type_dead = { @@ -104,7 +104,7 @@ struct key_user *key_user_lookup(uid_t uid) candidate->qnkeys = 0; candidate->qnbytes = 0; spin_lock_init(&candidate->lock); - INIT_LIST_HEAD(&candidate->consq); + mutex_init(&candidate->cons_lock); rb_link_node(&candidate->node, parent, p); rb_insert_color(&candidate->node, &key_user_tree); @@ -418,7 +418,7 @@ static int __key_instantiate_and_link(struct key *key, awaken = 0; ret = -EBUSY; - down_write(&key_construction_sem); + mutex_lock(&key_construction_mutex); /* can't instantiate twice */ if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { @@ -443,11 +443,11 @@ static int __key_instantiate_and_link(struct key *key, } } - up_write(&key_construction_sem); + mutex_unlock(&key_construction_mutex); /* wake up anyone waiting for a key to be constructed */ if (awaken) - wake_up_all(&request_key_conswq); + wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); return ret; @@ -500,7 +500,7 @@ int key_negate_and_link(struct key *key, if (keyring) down_write(&keyring->sem); - down_write(&key_construction_sem); + mutex_lock(&key_construction_mutex); /* can't instantiate twice */ if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { @@ -525,14 +525,14 @@ int key_negate_and_link(struct key *key, key_revoke(instkey); } - up_write(&key_construction_sem); + mutex_unlock(&key_construction_mutex); if (keyring) up_write(&keyring->sem); /* wake up anyone waiting for a key to be constructed */ if (awaken) - wake_up_all(&request_key_conswq); + wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); return ret; @@ -899,12 +899,14 @@ void key_revoke(struct key *key) { key_check(key); - /* make sure no one's trying to change or use the key when we mark - * it */ - down_write(&key->sem); - set_bit(KEY_FLAG_REVOKED, &key->flags); - - if (key->type->revoke) + /* make sure no one's trying to change or use the key when we mark it + * - we tell lockdep that we might nest because we might be revoking an + * authorisation key whilst holding the sem on a key we've just + * instantiated + */ + down_write_nested(&key->sem, 1); + if (!test_and_set_bit(KEY_FLAG_REVOKED, &key->flags) && + key->type->revoke) key->type->revoke(key); up_write(&key->sem); diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index b6f86808475..2a0eb946fc7 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -26,7 +26,7 @@ static DEFINE_MUTEX(key_session_mutex); /* the root user's tracking struct */ struct key_user root_key_user = { .usage = ATOMIC_INIT(3), - .consq = LIST_HEAD_INIT(root_key_user.consq), + .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), .nkeys = ATOMIC_INIT(2), .nikeys = ATOMIC_INIT(2), @@ -679,8 +679,18 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, break; } - /* check the status */ - if (perm) { + if (!partial) { + ret = wait_for_key_construction(key, true); + switch (ret) { + case -ERESTARTSYS: + goto invalid_key; + default: + if (perm) + goto invalid_key; + case 0: + break; + } + } else if (perm) { ret = key_validate(key); if (ret < 0) goto invalid_key; diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 557500110a1..6381e616c47 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -1,6 +1,6 @@ -/* request_key.c: request a key from userspace +/* Request a key from userspace * - * Copyright (C) 2004-6 Red Hat, Inc. All Rights Reserved. + * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) * * This program is free software; you can redistribute it and/or @@ -18,27 +18,54 @@ #include <linux/keyctl.h> #include "internal.h" -struct key_construction { - struct list_head link; /* link in construction queue */ - struct key *key; /* key being constructed */ -}; +/* + * wait_on_bit() sleep function for uninterruptible waiting + */ +static int key_wait_bit(void *flags) +{ + schedule(); + return 0; +} + +/* + * wait_on_bit() sleep function for interruptible waiting + */ +static int key_wait_bit_intr(void *flags) +{ + schedule(); + return signal_pending(current) ? -ERESTARTSYS : 0; +} + +/* + * call to complete the construction of a key + */ +void complete_request_key(struct key_construction *cons, int error) +{ + kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error); -/* when waiting for someone else's keys, you get added to this */ -DECLARE_WAIT_QUEUE_HEAD(request_key_conswq); + if (error < 0) + key_negate_and_link(cons->key, key_negative_timeout, NULL, + cons->authkey); + else + key_revoke(cons->authkey); + + key_put(cons->key); + key_put(cons->authkey); + kfree(cons); +} +EXPORT_SYMBOL(complete_request_key); -/*****************************************************************************/ /* * request userspace finish the construction of a key * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" */ -static int call_sbin_request_key(struct key *key, - struct key *authkey, +static int call_sbin_request_key(struct key_construction *cons, const char *op, void *aux) { struct task_struct *tsk = current; key_serial_t prkey, sskey; - struct key *keyring; + struct key *key = cons->key, *authkey = cons->authkey, *keyring; char *argv[9], *envp[3], uid_str[12], gid_str[12]; char key_str[12], keyring_str[3][12]; char desc[20]; @@ -82,8 +109,7 @@ static int call_sbin_request_key(struct key *key, rcu_read_lock(); sskey = rcu_dereference(tsk->signal->session_keyring)->serial; rcu_read_unlock(); - } - else { + } else { sskey = tsk->user->session_keyring->serial; } @@ -110,228 +136,77 @@ static int call_sbin_request_key(struct key *key, /* do it */ ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, UMH_WAIT_PROC); + kdebug("usermode -> 0x%x", ret); + if (ret >= 0) { + /* ret is the exit/wait code */ + if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || + key_validate(key) < 0) + ret = -ENOKEY; + else + /* ignore any errors from userspace if the key was + * instantiated */ + ret = 0; + } error_link: key_put(keyring); error_alloc: kleave(" = %d", ret); + complete_request_key(cons, ret); return ret; +} -} /* end call_sbin_request_key() */ - -/*****************************************************************************/ /* - * call out to userspace for the key - * - called with the construction sem held, but the sem is dropped here + * call out to userspace for key construction * - we ignore program failure and go on key status instead */ -static struct key *__request_key_construction(struct key_type *type, - const char *description, - const char *callout_info, - void *aux, - unsigned long flags) +static int construct_key(struct key *key, const char *callout_info, void *aux) { + struct key_construction *cons; request_key_actor_t actor; - struct key_construction cons; - struct timespec now; - struct key *key, *authkey; - int ret, negated; + struct key *authkey; + int ret; - kenter("%s,%s,%s,%lx", type->name, description, callout_info, flags); + kenter("%d,%s,%p", key->serial, callout_info, aux); - /* create a key and add it to the queue */ - key = key_alloc(type, description, - current->fsuid, current->fsgid, current, KEY_POS_ALL, - flags); - if (IS_ERR(key)) - goto alloc_failed; - - set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); - - cons.key = key; - list_add_tail(&cons.link, &key->user->consq); - - /* we drop the construction sem here on behalf of the caller */ - up_write(&key_construction_sem); + cons = kmalloc(sizeof(*cons), GFP_KERNEL); + if (!cons) + return -ENOMEM; /* allocate an authorisation key */ authkey = request_key_auth_new(key, callout_info); if (IS_ERR(authkey)) { + kfree(cons); ret = PTR_ERR(authkey); authkey = NULL; - goto alloc_authkey_failed; - } - - /* make the call */ - actor = call_sbin_request_key; - if (type->request_key) - actor = type->request_key; - ret = actor(key, authkey, "create", aux); - if (ret < 0) - goto request_failed; - - /* if the key wasn't instantiated, then we want to give an error */ - ret = -ENOKEY; - if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) - goto request_failed; - - key_revoke(authkey); - key_put(authkey); - - down_write(&key_construction_sem); - list_del(&cons.link); - up_write(&key_construction_sem); - - /* also give an error if the key was negatively instantiated */ -check_not_negative: - if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) { - key_put(key); - key = ERR_PTR(-ENOKEY); - } - -out: - kleave(" = %p", key); - return key; - -request_failed: - key_revoke(authkey); - key_put(authkey); - -alloc_authkey_failed: - /* it wasn't instantiated - * - remove from construction queue - * - mark the key as dead - */ - negated = 0; - down_write(&key_construction_sem); - - list_del(&cons.link); - - /* check it didn't get instantiated between the check and the down */ - if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { - set_bit(KEY_FLAG_NEGATIVE, &key->flags); - set_bit(KEY_FLAG_INSTANTIATED, &key->flags); - negated = 1; - } - - clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); - - up_write(&key_construction_sem); - - if (!negated) - goto check_not_negative; /* surprisingly, the key got - * instantiated */ - - /* set the timeout and store in the session keyring if we can */ - now = current_kernel_time(); - key->expiry = now.tv_sec + key_negative_timeout; - - if (current->signal->session_keyring) { - struct key *keyring; - - rcu_read_lock(); - keyring = rcu_dereference(current->signal->session_keyring); - atomic_inc(&keyring->usage); - rcu_read_unlock(); - - key_link(keyring, key); - key_put(keyring); - } - - key_put(key); - - /* notify anyone who was waiting */ - wake_up_all(&request_key_conswq); - - key = ERR_PTR(ret); - goto out; - -alloc_failed: - up_write(&key_construction_sem); - goto out; - -} /* end __request_key_construction() */ - -/*****************************************************************************/ -/* - * call out to userspace to request the key - * - we check the construction queue first to see if an appropriate key is - * already being constructed by userspace - */ -static struct key *request_key_construction(struct key_type *type, - const char *description, - const char *callout_info, - void *aux, - struct key_user *user, - unsigned long flags) -{ - struct key_construction *pcons; - struct key *key, *ckey; - - DECLARE_WAITQUEUE(myself, current); - - kenter("%s,%s,{%d},%s,%lx", - type->name, description, user->uid, callout_info, flags); - - /* see if there's such a key under construction already */ - down_write(&key_construction_sem); - - list_for_each_entry(pcons, &user->consq, link) { - ckey = pcons->key; - - if (ckey->type != type) - continue; - - if (type->match(ckey, description)) - goto found_key_under_construction; + } else { + cons->authkey = key_get(authkey); + cons->key = key_get(key); + + /* make the call */ + actor = call_sbin_request_key; + if (key->type->request_key) + actor = key->type->request_key; + + ret = actor(cons, "create", aux); + + /* check that the actor called complete_request_key() prior to + * returning an error */ + WARN_ON(ret < 0 && + !test_bit(KEY_FLAG_REVOKED, &authkey->flags)); + key_put(authkey); } - /* see about getting userspace to construct the key */ - key = __request_key_construction(type, description, callout_info, aux, - flags); - error: - kleave(" = %p", key); - return key; - - /* someone else has the same key under construction - * - we want to keep an eye on their key - */ - found_key_under_construction: - atomic_inc(&ckey->usage); - up_write(&key_construction_sem); - - /* wait for the key to be completed one way or another */ - add_wait_queue(&request_key_conswq, &myself); - - for (;;) { - set_current_state(TASK_INTERRUPTIBLE); - if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags)) - break; - if (signal_pending(current)) - break; - schedule(); - } - - set_current_state(TASK_RUNNING); - remove_wait_queue(&request_key_conswq, &myself); - - /* we'll need to search this process's keyrings to see if the key is - * now there since we can't automatically assume it's also available - * there */ - key_put(ckey); - ckey = NULL; - - key = NULL; /* request a retry */ - goto error; - -} /* end request_key_construction() */ + kleave(" = %d", ret); + return ret; +} -/*****************************************************************************/ /* - * link a freshly minted key to an appropriate destination keyring + * link a key to the appropriate destination keyring + * - the caller must hold a write lock on the destination keyring */ -static void request_key_link(struct key *key, struct key *dest_keyring) +static void construct_key_make_link(struct key *key, struct key *dest_keyring) { struct task_struct *tsk = current; struct key *drop = NULL; @@ -363,11 +238,11 @@ static void request_key_link(struct key *key, struct key *dest_keyring) break; case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: - dest_keyring = current->user->session_keyring; + dest_keyring = tsk->user->session_keyring; break; case KEY_REQKEY_DEFL_USER_KEYRING: - dest_keyring = current->user->uid_keyring; + dest_keyring = tsk->user->uid_keyring; break; case KEY_REQKEY_DEFL_GROUP_KEYRING: @@ -377,15 +252,115 @@ static void request_key_link(struct key *key, struct key *dest_keyring) } /* and attach the key to it */ - key_link(dest_keyring, key); - + __key_link(dest_keyring, key); key_put(drop); - kleave(""); +} -} /* end request_key_link() */ +/* + * allocate a new key in under-construction state and attempt to link it in to + * the requested place + * - may return a key that's already under construction instead + */ +static int construct_alloc_key(struct key_type *type, + const char *description, + struct key *dest_keyring, + unsigned long flags, + struct key_user *user, + struct key **_key) +{ + struct key *key; + key_ref_t key_ref; + + kenter("%s,%s,,,", type->name, description); + + mutex_lock(&user->cons_lock); + + key = key_alloc(type, description, + current->fsuid, current->fsgid, current, KEY_POS_ALL, + flags); + if (IS_ERR(key)) + goto alloc_failed; + + set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); + + if (dest_keyring) + down_write(&dest_keyring->sem); + + /* attach the key to the destination keyring under lock, but we do need + * to do another check just in case someone beat us to it whilst we + * waited for locks */ + mutex_lock(&key_construction_mutex); + + key_ref = search_process_keyrings(type, description, type->match, + current); + if (!IS_ERR(key_ref)) + goto key_already_present; + + if (dest_keyring) + construct_key_make_link(key, dest_keyring); + + mutex_unlock(&key_construction_mutex); + if (dest_keyring) + up_write(&dest_keyring->sem); + mutex_unlock(&user->cons_lock); + *_key = key; + kleave(" = 0 [%d]", key_serial(key)); + return 0; + +key_already_present: + mutex_unlock(&key_construction_mutex); + if (dest_keyring) + up_write(&dest_keyring->sem); + mutex_unlock(&user->cons_lock); + key_put(key); + *_key = key = key_ref_to_ptr(key_ref); + kleave(" = -EINPROGRESS [%d]", key_serial(key)); + return -EINPROGRESS; + +alloc_failed: + mutex_unlock(&user->cons_lock); + *_key = NULL; + kleave(" = %ld", PTR_ERR(key)); + return PTR_ERR(key); +} + +/* + * commence key construction + */ +static struct key *construct_key_and_link(struct key_type *type, + const char *description, + const char *callout_info, + void *aux, + struct key *dest_keyring, + unsigned long flags) +{ + struct key_user *user; + struct key *key; + int ret; + + user = key_user_lookup(current->fsuid); + if (!user) + return ERR_PTR(-ENOMEM); + + ret = construct_alloc_key(type, description, dest_keyring, flags, user, + &key); + key_user_put(user); + + if (ret == 0) { + ret = construct_key(key, callout_info, aux); + if (ret < 0) + goto construction_failed; + } + + return key; + +construction_failed: + key_negate_and_link(key, key_negative_timeout, NULL, NULL); + key_put(key); + return ERR_PTR(ret); +} -/*****************************************************************************/ /* * request a key * - search the process's keyrings @@ -400,7 +375,6 @@ struct key *request_key_and_link(struct key_type *type, struct key *dest_keyring, unsigned long flags) { - struct key_user *user; struct key *key; key_ref_t key_ref; @@ -412,112 +386,124 @@ struct key *request_key_and_link(struct key_type *type, key_ref = search_process_keyrings(type, description, type->match, current); - kdebug("search 1: %p", key_ref); - if (!IS_ERR(key_ref)) { key = key_ref_to_ptr(key_ref); - } - else if (PTR_ERR(key_ref) != -EAGAIN) { + } else if (PTR_ERR(key_ref) != -EAGAIN) { key = ERR_PTR(PTR_ERR(key_ref)); - } - else { + } else { /* the search failed, but the keyrings were searchable, so we * should consult userspace if we can */ key = ERR_PTR(-ENOKEY); if (!callout_info) goto error; - /* - get hold of the user's construction queue */ - user = key_user_lookup(current->fsuid); - if (!user) - goto nomem; - - for (;;) { - if (signal_pending(current)) - goto interrupted; - - /* ask userspace (returns NULL if it waited on a key - * being constructed) */ - key = request_key_construction(type, description, - callout_info, aux, - user, flags); - if (key) - break; - - /* someone else made the key we want, so we need to - * search again as it might now be available to us */ - key_ref = search_process_keyrings(type, description, - type->match, - current); - - kdebug("search 2: %p", key_ref); - - if (!IS_ERR(key_ref)) { - key = key_ref_to_ptr(key_ref); - break; - } - - if (PTR_ERR(key_ref) != -EAGAIN) { - key = ERR_PTR(PTR_ERR(key_ref)); - break; - } - } - - key_user_put(user); - - /* link the new key into the appropriate keyring */ - if (!IS_ERR(key)) - request_key_link(key, dest_keyring); + key = construct_key_and_link(type, description, callout_info, + aux, dest_keyring, flags); } error: kleave(" = %p", key); return key; +} -nomem: - key = ERR_PTR(-ENOMEM); - goto error; - -interrupted: - key_user_put(user); - key = ERR_PTR(-EINTR); - goto error; +/* + * wait for construction of a key to complete + */ +int wait_for_key_construction(struct key *key, bool intr) +{ + int ret; -} /* end request_key_and_link() */ + ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT, + intr ? key_wait_bit_intr : key_wait_bit, + intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); + if (ret < 0) + return ret; + return key_validate(key); +} +EXPORT_SYMBOL(wait_for_key_construction); -/*****************************************************************************/ /* * request a key * - search the process's keyrings * - check the list of keys being created or updated * - call out to userspace for a key if supplementary info was provided + * - waits uninterruptible for creation to complete */ struct key *request_key(struct key_type *type, const char *description, const char *callout_info) { - return request_key_and_link(type, description, callout_info, NULL, - NULL, KEY_ALLOC_IN_QUOTA); - -} /* end request_key() */ - + struct key *key; + int ret; + + key = request_key_and_link(type, description, callout_info, NULL, + NULL, KEY_ALLOC_IN_QUOTA); + if (!IS_ERR(key)) { + ret = wait_for_key_construction(key, false); + if (ret < 0) { + key_put(key); + return ERR_PTR(ret); + } + } + return key; +} EXPORT_SYMBOL(request_key); -/*****************************************************************************/ /* * request a key with auxiliary data for the upcaller * - search the process's keyrings * - check the list of keys being created or updated * - call out to userspace for a key if supplementary info was provided + * - waits uninterruptible for creation to complete */ struct key *request_key_with_auxdata(struct key_type *type, const char *description, const char *callout_info, void *aux) { - return request_key_and_link(type, description, callout_info, aux, - NULL, KEY_ALLOC_IN_QUOTA); + struct key *key; + int ret; + + key = request_key_and_link(type, description, callout_info, aux, + NULL, KEY_ALLOC_IN_QUOTA); + if (!IS_ERR(key)) { + ret = wait_for_key_construction(key, false); + if (ret < 0) { + key_put(key); + return ERR_PTR(ret); + } + } + return key; +} +EXPORT_SYMBOL(request_key_with_auxdata); -} /* end request_key_with_auxdata() */ +/* + * request a key (allow async construction) + * - search the process's keyrings + * - check the list of keys being created or updated + * - call out to userspace for a key if supplementary info was provided + */ +struct key *request_key_async(struct key_type *type, + const char *description, + const char *callout_info) +{ + return request_key_and_link(type, description, callout_info, NULL, + NULL, KEY_ALLOC_IN_QUOTA); +} +EXPORT_SYMBOL(request_key_async); -EXPORT_SYMBOL(request_key_with_auxdata); +/* + * request a key with auxiliary data for the upcaller (allow async construction) + * - search the process's keyrings + * - check the list of keys being created or updated + * - call out to userspace for a key if supplementary info was provided + */ +struct key *request_key_async_with_auxdata(struct key_type *type, + const char *description, + const char *callout_info, + void *aux) +{ + return request_key_and_link(type, description, callout_info, aux, + NULL, KEY_ALLOC_IN_QUOTA); +} +EXPORT_SYMBOL(request_key_async_with_auxdata); diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index cbf58a91b00..510f7be73a2 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c @@ -127,6 +127,7 @@ static void request_key_auth_destroy(struct key *key) } key_put(rka->target_key); + kfree(rka->callout_info); kfree(rka); } /* end request_key_auth_destroy() */ @@ -151,6 +152,12 @@ struct key *request_key_auth_new(struct key *target, const char *callout_info) kleave(" = -ENOMEM"); return ERR_PTR(-ENOMEM); } + rka->callout_info = kmalloc(strlen(callout_info) + 1, GFP_KERNEL); + if (!rka->callout_info) { + kleave(" = -ENOMEM"); + kfree(rka); + return ERR_PTR(-ENOMEM); + } /* see if the calling process is already servicing the key request of * another process */ @@ -179,7 +186,7 @@ struct key *request_key_auth_new(struct key *target, const char *callout_info) } rka->target_key = key_get(target); - rka->callout_info = callout_info; + strcpy(rka->callout_info, callout_info); /* allocate the auth key */ sprintf(desc, "%x", target->serial); @@ -203,6 +210,7 @@ struct key *request_key_auth_new(struct key *target, const char *callout_info) auth_key_revoked: up_read(¤t->request_key_auth->sem); + kfree(rka->callout_info); kfree(rka); kleave("= -EKEYREVOKED"); return ERR_PTR(-EKEYREVOKED); @@ -212,6 +220,7 @@ error_inst: key_put(authkey); error_alloc: key_put(rka->target_key); + kfree(rka->callout_info); kfree(rka); kleave("= %d", ret); return ERR_PTR(ret); diff --git a/security/root_plug.c b/security/root_plug.c index 38dd4f3e641..870f13095bb 100644 --- a/security/root_plug.c +++ b/security/root_plug.c @@ -22,11 +22,11 @@ * License. */ -#include <linux/module.h> #include <linux/kernel.h> #include <linux/init.h> #include <linux/security.h> #include <linux/usb.h> +#include <linux/moduleparam.h> /* flag to keep track of how we were registered */ static int secondary; @@ -36,22 +36,14 @@ static int vendor_id = 0x0557; static int product_id = 0x2008; module_param(vendor_id, uint, 0400); -MODULE_PARM_DESC(vendor_id, "USB Vendor ID of device to look for"); - module_param(product_id, uint, 0400); -MODULE_PARM_DESC(product_id, "USB Product ID of device to look for"); /* should we print out debug messages */ static int debug = 0; module_param(debug, bool, 0600); -MODULE_PARM_DESC(debug, "Debug enabled or not"); -#if defined(CONFIG_SECURITY_ROOTPLUG_MODULE) -#define MY_NAME THIS_MODULE->name -#else #define MY_NAME "root_plug" -#endif #define root_dbg(fmt, arg...) \ do { \ @@ -117,25 +109,4 @@ static int __init rootplug_init (void) return 0; } -static void __exit rootplug_exit (void) -{ - /* remove ourselves from the security framework */ - if (secondary) { - if (mod_unreg_security (MY_NAME, &rootplug_security_ops)) - printk (KERN_INFO "Failure unregistering Root Plug " - " module with primary module.\n"); - } else { - if (unregister_security (&rootplug_security_ops)) { - printk (KERN_INFO "Failure unregistering Root Plug " - "module with the kernel\n"); - } - } - printk (KERN_INFO "Root Plug module removed\n"); -} - security_initcall (rootplug_init); -module_exit (rootplug_exit); - -MODULE_DESCRIPTION("Root Plug sample LSM module, written for Linux Journal article"); -MODULE_LICENSE("GPL"); - diff --git a/security/security.c b/security/security.c index 27e5863d30f..0e1f1f12436 100644 --- a/security/security.c +++ b/security/security.c @@ -17,7 +17,6 @@ #include <linux/kernel.h> #include <linux/security.h> -#define SECURITY_FRAMEWORK_VERSION "1.0.0" /* things that live in dummy.c */ extern struct security_operations dummy_security_ops; @@ -52,8 +51,7 @@ static void __init do_security_initcalls(void) */ int __init security_init(void) { - printk(KERN_INFO "Security Framework v" SECURITY_FRAMEWORK_VERSION - " initialized\n"); + printk(KERN_INFO "Security Framework initialized\n"); if (verify(&dummy_security_ops)) { printk(KERN_ERR "%s could not verify " @@ -73,8 +71,7 @@ int __init security_init(void) * * This function is to allow a security module to register itself with the * kernel security subsystem. Some rudimentary checking is done on the @ops - * value passed to this function. A call to unregister_security() should be - * done to remove this security_options structure from the kernel. + * value passed to this function. * * If there is already a security module registered with the kernel, * an error will be returned. Otherwise 0 is returned on success. @@ -96,31 +93,6 @@ int register_security(struct security_operations *ops) } /** - * unregister_security - unregisters a security framework with the kernel - * @ops: a pointer to the struct security_options that is to be registered - * - * This function removes a struct security_operations variable that had - * previously been registered with a successful call to register_security(). - * - * If @ops does not match the valued previously passed to register_security() - * an error is returned. Otherwise the default security options is set to the - * the dummy_security_ops structure, and 0 is returned. - */ -int unregister_security(struct security_operations *ops) -{ - if (ops != security_ops) { - printk(KERN_INFO "%s: trying to unregister " - "a security_opts structure that is not " - "registered, failing.\n", __FUNCTION__); - return -EINVAL; - } - - security_ops = &dummy_security_ops; - - return 0; -} - -/** * mod_reg_security - allows security modules to be "stacked" * @name: a pointer to a string with the name of the security_options to be registered * @ops: a pointer to the struct security_options that is to be registered @@ -149,32 +121,962 @@ int mod_reg_security(const char *name, struct security_operations *ops) return security_ops->register_security(name, ops); } -/** - * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded - * @name: a pointer to a string with the name of the security_options to be removed - * @ops: a pointer to the struct security_options that is to be removed - * - * This function allows security modules that have been successfully registered - * with a call to mod_reg_security() to be unloaded from the system. - * This calls the currently loaded security module's unregister_security() call - * with the @name and @ops variables. - * - * The return value depends on the currently loaded security module, with 0 as - * success. - */ -int mod_unreg_security(const char *name, struct security_operations *ops) +/* Security operations */ + +int security_ptrace(struct task_struct *parent, struct task_struct *child) { - if (ops == security_ops) { - printk(KERN_INFO "%s invalid attempt to unregister " - " primary security ops.\n", __FUNCTION__); - return -EINVAL; - } + return security_ops->ptrace(parent, child); +} + +int security_capget(struct task_struct *target, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) +{ + return security_ops->capget(target, effective, inheritable, permitted); +} + +int security_capset_check(struct task_struct *target, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) +{ + return security_ops->capset_check(target, effective, inheritable, permitted); +} + +void security_capset_set(struct task_struct *target, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) +{ + security_ops->capset_set(target, effective, inheritable, permitted); +} + +int security_capable(struct task_struct *tsk, int cap) +{ + return security_ops->capable(tsk, cap); +} + +int security_acct(struct file *file) +{ + return security_ops->acct(file); +} + +int security_sysctl(struct ctl_table *table, int op) +{ + return security_ops->sysctl(table, op); +} + +int security_quotactl(int cmds, int type, int id, struct super_block *sb) +{ + return security_ops->quotactl(cmds, type, id, sb); +} + +int security_quota_on(struct dentry *dentry) +{ + return security_ops->quota_on(dentry); +} + +int security_syslog(int type) +{ + return security_ops->syslog(type); +} + +int security_settime(struct timespec *ts, struct timezone *tz) +{ + return security_ops->settime(ts, tz); +} + +int security_vm_enough_memory(long pages) +{ + return security_ops->vm_enough_memory(current->mm, pages); +} + +int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) +{ + return security_ops->vm_enough_memory(mm, pages); +} + +int security_bprm_alloc(struct linux_binprm *bprm) +{ + return security_ops->bprm_alloc_security(bprm); +} + +void security_bprm_free(struct linux_binprm *bprm) +{ + security_ops->bprm_free_security(bprm); +} + +void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) +{ + security_ops->bprm_apply_creds(bprm, unsafe); +} + +void security_bprm_post_apply_creds(struct linux_binprm *bprm) +{ + security_ops->bprm_post_apply_creds(bprm); +} + +int security_bprm_set(struct linux_binprm *bprm) +{ + return security_ops->bprm_set_security(bprm); +} + +int security_bprm_check(struct linux_binprm *bprm) +{ + return security_ops->bprm_check_security(bprm); +} + +int security_bprm_secureexec(struct linux_binprm *bprm) +{ + return security_ops->bprm_secureexec(bprm); +} + +int security_sb_alloc(struct super_block *sb) +{ + return security_ops->sb_alloc_security(sb); +} + +void security_sb_free(struct super_block *sb) +{ + security_ops->sb_free_security(sb); +} + +int security_sb_copy_data(struct file_system_type *type, void *orig, void *copy) +{ + return security_ops->sb_copy_data(type, orig, copy); +} + +int security_sb_kern_mount(struct super_block *sb, void *data) +{ + return security_ops->sb_kern_mount(sb, data); +} + +int security_sb_statfs(struct dentry *dentry) +{ + return security_ops->sb_statfs(dentry); +} + +int security_sb_mount(char *dev_name, struct nameidata *nd, + char *type, unsigned long flags, void *data) +{ + return security_ops->sb_mount(dev_name, nd, type, flags, data); +} + +int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd) +{ + return security_ops->sb_check_sb(mnt, nd); +} + +int security_sb_umount(struct vfsmount *mnt, int flags) +{ + return security_ops->sb_umount(mnt, flags); +} + +void security_sb_umount_close(struct vfsmount *mnt) +{ + security_ops->sb_umount_close(mnt); +} + +void security_sb_umount_busy(struct vfsmount *mnt) +{ + security_ops->sb_umount_busy(mnt); +} + +void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data) +{ + security_ops->sb_post_remount(mnt, flags, data); +} + +void security_sb_post_mountroot(void) +{ + security_ops->sb_post_mountroot(); +} + +void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd) +{ + security_ops->sb_post_addmount(mnt, mountpoint_nd); +} + +int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd) +{ + return security_ops->sb_pivotroot(old_nd, new_nd); +} + +void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd) +{ + security_ops->sb_post_pivotroot(old_nd, new_nd); +} + +int security_inode_alloc(struct inode *inode) +{ + inode->i_security = NULL; + return security_ops->inode_alloc_security(inode); +} + +void security_inode_free(struct inode *inode) +{ + security_ops->inode_free_security(inode); +} + +int security_inode_init_security(struct inode *inode, struct inode *dir, + char **name, void **value, size_t *len) +{ + if (unlikely(IS_PRIVATE(inode))) + return -EOPNOTSUPP; + return security_ops->inode_init_security(inode, dir, name, value, len); +} +EXPORT_SYMBOL(security_inode_init_security); + +int security_inode_create(struct inode *dir, struct dentry *dentry, int mode) +{ + if (unlikely(IS_PRIVATE(dir))) + return 0; + return security_ops->inode_create(dir, dentry, mode); +} + +int security_inode_link(struct dentry *old_dentry, struct inode *dir, + struct dentry *new_dentry) +{ + if (unlikely(IS_PRIVATE(old_dentry->d_inode))) + return 0; + return security_ops->inode_link(old_dentry, dir, new_dentry); +} + +int security_inode_unlink(struct inode *dir, struct dentry *dentry) +{ + if (unlikely(IS_PRIVATE(dentry->d_inode))) + return 0; + return security_ops->inode_unlink(dir, dentry); +} + +int security_inode_symlink(struct inode *dir, struct dentry *dentry, + const char *old_name) +{ + if (unlikely(IS_PRIVATE(dir))) + return 0; + return security_ops->inode_symlink(dir, dentry, old_name); +} + +int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode) +{ + if (unlikely(IS_PRIVATE(dir))) + return 0; + return security_ops->inode_mkdir(dir, dentry, mode); +} + +int security_inode_rmdir(struct inode *dir, struct dentry *dentry) +{ + if (unlikely(IS_PRIVATE(dentry->d_inode))) + return 0; + return security_ops->inode_rmdir(dir, dentry); +} + +int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) +{ + if (unlikely(IS_PRIVATE(dir))) + return 0; + return security_ops->inode_mknod(dir, dentry, mode, dev); +} + +int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, + struct inode *new_dir, struct dentry *new_dentry) +{ + if (unlikely(IS_PRIVATE(old_dentry->d_inode) || + (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) + return 0; + return security_ops->inode_rename(old_dir, old_dentry, + new_dir, new_dentry); +} + +int security_inode_readlink(struct dentry *dentry) +{ + if (unlikely(IS_PRIVATE(dentry->d_inode))) + return 0; + return security_ops->inode_readlink(dentry); +} + +int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd) +{ + if (unlikely(IS_PRIVATE(dentry->d_inode))) + return 0; + return security_ops->inode_follow_link(dentry, nd); +} + +int security_inode_permission(struct inode *inode, int mask, struct nameidata *nd) +{ + if (unlikely(IS_PRIVATE(inode))) + return 0; + return security_ops->inode_permission(inode, mask, nd); +} + +int security_inode_setattr(struct dentry *dentry, struct iattr *attr) +{ + if (unlikely(IS_PRIVATE(dentry->d_inode))) + return 0; + return security_ops->inode_setattr(dentry, attr); +} + +int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) +{ + if (unlikely(IS_PRIVATE(dentry->d_inode))) + return 0; + return security_ops->inode_getattr(mnt, dentry); +} + +void security_inode_delete(struct inode *inode) +{ + if (unlikely(IS_PRIVATE(inode))) + return; + security_ops->inode_delete(inode); +} + +int security_inode_setxattr(struct dentry *dentry, char *name, + void *value, size_t size, int flags) +{ + if (unlikely(IS_PRIVATE(dentry->d_inode))) + return 0; + return security_ops->inode_setxattr(dentry, name, value, size, flags); +} + +void security_inode_post_setxattr(struct dentry *dentry, char *name, + void *value, size_t size, int flags) +{ + if (unlikely(IS_PRIVATE(dentry->d_inode))) + return; + security_ops->inode_post_setxattr(dentry, name, value, size, flags); +} + +int security_inode_getxattr(struct dentry *dentry, char *name) +{ + if (unlikely(IS_PRIVATE(dentry->d_inode))) + return 0; + return security_ops->inode_getxattr(dentry, name); +} + +int security_inode_listxattr(struct dentry *dentry) +{ + if (unlikely(IS_PRIVATE(dentry->d_inode))) + return 0; + return security_ops->inode_listxattr(dentry); +} + +int security_inode_removexattr(struct dentry *dentry, char *name) +{ + if (unlikely(IS_PRIVATE(dentry->d_inode))) + return 0; + return security_ops->inode_removexattr(dentry, name); +} + +int security_inode_need_killpriv(struct dentry *dentry) +{ + return security_ops->inode_need_killpriv(dentry); +} + +int security_inode_killpriv(struct dentry *dentry) +{ + return security_ops->inode_killpriv(dentry); +} + +int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) +{ + if (unlikely(IS_PRIVATE(inode))) + return 0; + return security_ops->inode_getsecurity(inode, name, buffer, size, err); +} + +int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) +{ + if (unlikely(IS_PRIVATE(inode))) + return 0; + return security_ops->inode_setsecurity(inode, name, value, size, flags); +} + +int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) +{ + if (unlikely(IS_PRIVATE(inode))) + return 0; + return security_ops->inode_listsecurity(inode, buffer, buffer_size); +} + +int security_file_permission(struct file *file, int mask) +{ + return security_ops->file_permission(file, mask); +} + +int security_file_alloc(struct file *file) +{ + return security_ops->file_alloc_security(file); +} + +void security_file_free(struct file *file) +{ + security_ops->file_free_security(file); +} + +int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) +{ + return security_ops->file_ioctl(file, cmd, arg); +} + +int security_file_mmap(struct file *file, unsigned long reqprot, + unsigned long prot, unsigned long flags, + unsigned long addr, unsigned long addr_only) +{ + return security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only); +} + +int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, + unsigned long prot) +{ + return security_ops->file_mprotect(vma, reqprot, prot); +} + +int security_file_lock(struct file *file, unsigned int cmd) +{ + return security_ops->file_lock(file, cmd); +} + +int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg) +{ + return security_ops->file_fcntl(file, cmd, arg); +} + +int security_file_set_fowner(struct file *file) +{ + return security_ops->file_set_fowner(file); +} + +int security_file_send_sigiotask(struct task_struct *tsk, + struct fown_struct *fown, int sig) +{ + return security_ops->file_send_sigiotask(tsk, fown, sig); +} + +int security_file_receive(struct file *file) +{ + return security_ops->file_receive(file); +} + +int security_dentry_open(struct file *file) +{ + return security_ops->dentry_open(file); +} + +int security_task_create(unsigned long clone_flags) +{ + return security_ops->task_create(clone_flags); +} + +int security_task_alloc(struct task_struct *p) +{ + return security_ops->task_alloc_security(p); +} + +void security_task_free(struct task_struct *p) +{ + security_ops->task_free_security(p); +} + +int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) +{ + return security_ops->task_setuid(id0, id1, id2, flags); +} + +int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, + uid_t old_suid, int flags) +{ + return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, flags); +} + +int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) +{ + return security_ops->task_setgid(id0, id1, id2, flags); +} - return security_ops->unregister_security(name, ops); +int security_task_setpgid(struct task_struct *p, pid_t pgid) +{ + return security_ops->task_setpgid(p, pgid); +} + +int security_task_getpgid(struct task_struct *p) +{ + return security_ops->task_getpgid(p); +} + +int security_task_getsid(struct task_struct *p) +{ + return security_ops->task_getsid(p); +} + +void security_task_getsecid(struct task_struct *p, u32 *secid) +{ + security_ops->task_getsecid(p, secid); +} +EXPORT_SYMBOL(security_task_getsecid); + +int security_task_setgroups(struct group_info *group_info) +{ + return security_ops->task_setgroups(group_info); +} + +int security_task_setnice(struct task_struct *p, int nice) +{ + return security_ops->task_setnice(p, nice); +} + +int security_task_setioprio(struct task_struct *p, int ioprio) +{ + return security_ops->task_setioprio(p, ioprio); +} + +int security_task_getioprio(struct task_struct *p) +{ + return security_ops->task_getioprio(p); +} + +int security_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) +{ + return security_ops->task_setrlimit(resource, new_rlim); +} + +int security_task_setscheduler(struct task_struct *p, + int policy, struct sched_param *lp) +{ + return security_ops->task_setscheduler(p, policy, lp); +} + +int security_task_getscheduler(struct task_struct *p) +{ + return security_ops->task_getscheduler(p); +} + +int security_task_movememory(struct task_struct *p) +{ + return security_ops->task_movememory(p); +} + +int security_task_kill(struct task_struct *p, struct siginfo *info, + int sig, u32 secid) +{ + return security_ops->task_kill(p, info, sig, secid); +} + +int security_task_wait(struct task_struct *p) +{ + return security_ops->task_wait(p); +} + +int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, + unsigned long arg4, unsigned long arg5) +{ + return security_ops->task_prctl(option, arg2, arg3, arg4, arg5); +} + +void security_task_reparent_to_init(struct task_struct *p) +{ + security_ops->task_reparent_to_init(p); +} + +void security_task_to_inode(struct task_struct *p, struct inode *inode) +{ + security_ops->task_to_inode(p, inode); +} + +int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) +{ + return security_ops->ipc_permission(ipcp, flag); +} + +int security_msg_msg_alloc(struct msg_msg *msg) +{ + return security_ops->msg_msg_alloc_security(msg); +} + +void security_msg_msg_free(struct msg_msg *msg) +{ + security_ops->msg_msg_free_security(msg); +} + +int security_msg_queue_alloc(struct msg_queue *msq) +{ + return security_ops->msg_queue_alloc_security(msq); +} + +void security_msg_queue_free(struct msg_queue *msq) +{ + security_ops->msg_queue_free_security(msq); +} + +int security_msg_queue_associate(struct msg_queue *msq, int msqflg) +{ + return security_ops->msg_queue_associate(msq, msqflg); +} + +int security_msg_queue_msgctl(struct msg_queue *msq, int cmd) +{ + return security_ops->msg_queue_msgctl(msq, cmd); +} + +int security_msg_queue_msgsnd(struct msg_queue *msq, + struct msg_msg *msg, int msqflg) +{ + return security_ops->msg_queue_msgsnd(msq, msg, msqflg); +} + +int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, + struct task_struct *target, long type, int mode) +{ + return security_ops->msg_queue_msgrcv(msq, msg, target, type, mode); +} + +int security_shm_alloc(struct shmid_kernel *shp) +{ + return security_ops->shm_alloc_security(shp); +} + +void security_shm_free(struct shmid_kernel *shp) +{ + security_ops->shm_free_security(shp); +} + +int security_shm_associate(struct shmid_kernel *shp, int shmflg) +{ + return security_ops->shm_associate(shp, shmflg); +} + +int security_shm_shmctl(struct shmid_kernel *shp, int cmd) +{ + return security_ops->shm_shmctl(shp, cmd); +} + +int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg) +{ + return security_ops->shm_shmat(shp, shmaddr, shmflg); +} + +int security_sem_alloc(struct sem_array *sma) +{ + return security_ops->sem_alloc_security(sma); +} + +void security_sem_free(struct sem_array *sma) +{ + security_ops->sem_free_security(sma); +} + +int security_sem_associate(struct sem_array *sma, int semflg) +{ + return security_ops->sem_associate(sma, semflg); +} + +int security_sem_semctl(struct sem_array *sma, int cmd) +{ + return security_ops->sem_semctl(sma, cmd); +} + +int security_sem_semop(struct sem_array *sma, struct sembuf *sops, + unsigned nsops, int alter) +{ + return security_ops->sem_semop(sma, sops, nsops, alter); +} + +void security_d_instantiate(struct dentry *dentry, struct inode *inode) +{ + if (unlikely(inode && IS_PRIVATE(inode))) + return; + security_ops->d_instantiate(dentry, inode); +} +EXPORT_SYMBOL(security_d_instantiate); + +int security_getprocattr(struct task_struct *p, char *name, char **value) +{ + return security_ops->getprocattr(p, name, value); +} + +int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size) +{ + return security_ops->setprocattr(p, name, value, size); +} + +int security_netlink_send(struct sock *sk, struct sk_buff *skb) +{ + return security_ops->netlink_send(sk, skb); +} + +int security_netlink_recv(struct sk_buff *skb, int cap) +{ + return security_ops->netlink_recv(skb, cap); +} +EXPORT_SYMBOL(security_netlink_recv); + +int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +{ + return security_ops->secid_to_secctx(secid, secdata, seclen); +} +EXPORT_SYMBOL(security_secid_to_secctx); + +void security_release_secctx(char *secdata, u32 seclen) +{ + return security_ops->release_secctx(secdata, seclen); +} +EXPORT_SYMBOL(security_release_secctx); + +#ifdef CONFIG_SECURITY_NETWORK + +int security_unix_stream_connect(struct socket *sock, struct socket *other, + struct sock *newsk) +{ + return security_ops->unix_stream_connect(sock, other, newsk); +} +EXPORT_SYMBOL(security_unix_stream_connect); + +int security_unix_may_send(struct socket *sock, struct socket *other) +{ + return security_ops->unix_may_send(sock, other); +} +EXPORT_SYMBOL(security_unix_may_send); + +int security_socket_create(int family, int type, int protocol, int kern) +{ + return security_ops->socket_create(family, type, protocol, kern); +} + +int security_socket_post_create(struct socket *sock, int family, + int type, int protocol, int kern) +{ + return security_ops->socket_post_create(sock, family, type, + protocol, kern); +} + +int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) +{ + return security_ops->socket_bind(sock, address, addrlen); +} + +int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) +{ + return security_ops->socket_connect(sock, address, addrlen); +} + +int security_socket_listen(struct socket *sock, int backlog) +{ + return security_ops->socket_listen(sock, backlog); +} + +int security_socket_accept(struct socket *sock, struct socket *newsock) +{ + return security_ops->socket_accept(sock, newsock); +} + +void security_socket_post_accept(struct socket *sock, struct socket *newsock) +{ + security_ops->socket_post_accept(sock, newsock); +} + +int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) +{ + return security_ops->socket_sendmsg(sock, msg, size); +} + +int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, + int size, int flags) +{ + return security_ops->socket_recvmsg(sock, msg, size, flags); +} + +int security_socket_getsockname(struct socket *sock) +{ + return security_ops->socket_getsockname(sock); +} + +int security_socket_getpeername(struct socket *sock) +{ + return security_ops->socket_getpeername(sock); +} + +int security_socket_getsockopt(struct socket *sock, int level, int optname) +{ + return security_ops->socket_getsockopt(sock, level, optname); +} + +int security_socket_setsockopt(struct socket *sock, int level, int optname) +{ + return security_ops->socket_setsockopt(sock, level, optname); +} + +int security_socket_shutdown(struct socket *sock, int how) +{ + return security_ops->socket_shutdown(sock, how); +} + +int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) +{ + return security_ops->socket_sock_rcv_skb(sk, skb); +} +EXPORT_SYMBOL(security_sock_rcv_skb); + +int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, + int __user *optlen, unsigned len) +{ + return security_ops->socket_getpeersec_stream(sock, optval, optlen, len); +} + +int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) +{ + return security_ops->socket_getpeersec_dgram(sock, skb, secid); +} +EXPORT_SYMBOL(security_socket_getpeersec_dgram); + +int security_sk_alloc(struct sock *sk, int family, gfp_t priority) +{ + return security_ops->sk_alloc_security(sk, family, priority); +} + +void security_sk_free(struct sock *sk) +{ + return security_ops->sk_free_security(sk); +} + +void security_sk_clone(const struct sock *sk, struct sock *newsk) +{ + return security_ops->sk_clone_security(sk, newsk); +} + +void security_sk_classify_flow(struct sock *sk, struct flowi *fl) +{ + security_ops->sk_getsecid(sk, &fl->secid); +} +EXPORT_SYMBOL(security_sk_classify_flow); + +void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) +{ + security_ops->req_classify_flow(req, fl); +} +EXPORT_SYMBOL(security_req_classify_flow); + +void security_sock_graft(struct sock *sk, struct socket *parent) +{ + security_ops->sock_graft(sk, parent); +} +EXPORT_SYMBOL(security_sock_graft); + +int security_inet_conn_request(struct sock *sk, + struct sk_buff *skb, struct request_sock *req) +{ + return security_ops->inet_conn_request(sk, skb, req); +} +EXPORT_SYMBOL(security_inet_conn_request); + +void security_inet_csk_clone(struct sock *newsk, + const struct request_sock *req) +{ + security_ops->inet_csk_clone(newsk, req); +} + +void security_inet_conn_established(struct sock *sk, + struct sk_buff *skb) +{ + security_ops->inet_conn_established(sk, skb); +} + +#endif /* CONFIG_SECURITY_NETWORK */ + +#ifdef CONFIG_SECURITY_NETWORK_XFRM + +int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) +{ + return security_ops->xfrm_policy_alloc_security(xp, sec_ctx); +} +EXPORT_SYMBOL(security_xfrm_policy_alloc); + +int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) +{ + return security_ops->xfrm_policy_clone_security(old, new); +} + +void security_xfrm_policy_free(struct xfrm_policy *xp) +{ + security_ops->xfrm_policy_free_security(xp); +} +EXPORT_SYMBOL(security_xfrm_policy_free); + +int security_xfrm_policy_delete(struct xfrm_policy *xp) +{ + return security_ops->xfrm_policy_delete_security(xp); +} + +int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) +{ + return security_ops->xfrm_state_alloc_security(x, sec_ctx, 0); +} +EXPORT_SYMBOL(security_xfrm_state_alloc); + +int security_xfrm_state_alloc_acquire(struct xfrm_state *x, + struct xfrm_sec_ctx *polsec, u32 secid) +{ + if (!polsec) + return 0; + /* + * We want the context to be taken from secid which is usually + * from the sock. + */ + return security_ops->xfrm_state_alloc_security(x, NULL, secid); +} + +int security_xfrm_state_delete(struct xfrm_state *x) +{ + return security_ops->xfrm_state_delete_security(x); +} +EXPORT_SYMBOL(security_xfrm_state_delete); + +void security_xfrm_state_free(struct xfrm_state *x) +{ + security_ops->xfrm_state_free_security(x); +} + +int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir) +{ + return security_ops->xfrm_policy_lookup(xp, fl_secid, dir); +} + +int security_xfrm_state_pol_flow_match(struct xfrm_state *x, + struct xfrm_policy *xp, struct flowi *fl) +{ + return security_ops->xfrm_state_pol_flow_match(x, xp, fl); +} + +int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) +{ + return security_ops->xfrm_decode_session(skb, secid, 1); +} + +void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) +{ + int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0); + + BUG_ON(rc); +} +EXPORT_SYMBOL(security_skb_classify_flow); + +#endif /* CONFIG_SECURITY_NETWORK_XFRM */ + +#ifdef CONFIG_KEYS + +int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long flags) +{ + return security_ops->key_alloc(key, tsk, flags); +} + +void security_key_free(struct key *key) +{ + security_ops->key_free(key); +} + +int security_key_permission(key_ref_t key_ref, + struct task_struct *context, key_perm_t perm) +{ + return security_ops->key_permission(key_ref, context, perm); } -EXPORT_SYMBOL_GPL(register_security); -EXPORT_SYMBOL_GPL(unregister_security); -EXPORT_SYMBOL_GPL(mod_reg_security); -EXPORT_SYMBOL_GPL(mod_unreg_security); -EXPORT_SYMBOL(security_ops); +#endif /* CONFIG_KEYS */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 97b7e273809..24e1b1885de 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -22,7 +22,6 @@ * as published by the Free Software Foundation. */ -#include <linux/module.h> #include <linux/init.h> #include <linux/kernel.h> #include <linux/ptrace.h> @@ -86,6 +85,7 @@ extern unsigned int policydb_loaded_version; extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm); extern int selinux_compat_net; +extern struct security_operations *security_ops; #ifdef CONFIG_SECURITY_SELINUX_DEVELOP int selinux_enforcing = 0; @@ -2297,6 +2297,25 @@ static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) return dentry_has_perm(current, mnt, dentry, FILE__GETATTR); } +static int selinux_inode_setotherxattr(struct dentry *dentry, char *name) +{ + if (!strncmp(name, XATTR_SECURITY_PREFIX, + sizeof XATTR_SECURITY_PREFIX - 1)) { + if (!strcmp(name, XATTR_NAME_CAPS)) { + if (!capable(CAP_SETFCAP)) + return -EPERM; + } else if (!capable(CAP_SYS_ADMIN)) { + /* A different attribute in the security namespace. + Restrict to administrator. */ + return -EPERM; + } + } + + /* Not an attribute we recognize, so just check the + ordinary setattr permission. */ + return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); +} + static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags) { struct task_security_struct *tsec = current->security; @@ -2307,19 +2326,8 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value u32 newsid; int rc = 0; - if (strcmp(name, XATTR_NAME_SELINUX)) { - if (!strncmp(name, XATTR_SECURITY_PREFIX, - sizeof XATTR_SECURITY_PREFIX - 1) && - !capable(CAP_SYS_ADMIN)) { - /* A different attribute in the security namespace. - Restrict to administrator. */ - return -EPERM; - } - - /* Not an attribute we recognize, so just check the - ordinary setattr permission. */ - return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); - } + if (strcmp(name, XATTR_NAME_SELINUX)) + return selinux_inode_setotherxattr(dentry, name); sbsec = inode->i_sb->s_security; if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT) @@ -2393,31 +2401,14 @@ static int selinux_inode_listxattr (struct dentry *dentry) static int selinux_inode_removexattr (struct dentry *dentry, char *name) { - if (strcmp(name, XATTR_NAME_SELINUX)) { - if (!strncmp(name, XATTR_SECURITY_PREFIX, - sizeof XATTR_SECURITY_PREFIX - 1) && - !capable(CAP_SYS_ADMIN)) { - /* A different attribute in the security namespace. - Restrict to administrator. */ - return -EPERM; - } - - /* Not an attribute we recognize, so just check the - ordinary setattr permission. Might want a separate - permission for removexattr. */ - return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); - } + if (strcmp(name, XATTR_NAME_SELINUX)) + return selinux_inode_setotherxattr(dentry, name); /* No one is allowed to remove a SELinux security label. You can change the label, but all data must be labeled. */ return -EACCES; } -static const char *selinux_inode_xattr_getsuffix(void) -{ - return XATTR_SELINUX_SUFFIX; -} - /* * Copy the in-core inode security context value to the user. If the * getxattr() prior to this succeeded, check to see if we need to @@ -2464,6 +2455,16 @@ static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t return len; } +static int selinux_inode_need_killpriv(struct dentry *dentry) +{ + return secondary_ops->inode_need_killpriv(dentry); +} + +static int selinux_inode_killpriv(struct dentry *dentry) +{ + return secondary_ops->inode_killpriv(dentry); +} + /* file security operations */ static int selinux_revalidate_file_permission(struct file *file, int mask) @@ -2882,6 +2883,12 @@ static int selinux_task_setnice(struct task_struct *p, int nice) static int selinux_task_setioprio(struct task_struct *p, int ioprio) { + int rc; + + rc = secondary_ops->task_setioprio(p, ioprio); + if (rc) + return rc; + return task_has_perm(current, p, PROCESS__SETSCHED); } @@ -2911,6 +2918,12 @@ static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp) { + int rc; + + rc = secondary_ops->task_setscheduler(p, policy, lp); + if (rc) + return rc; + return task_has_perm(current, p, PROCESS__SETSCHED); } @@ -4536,19 +4549,6 @@ static int selinux_register_security (const char *name, struct security_operatio return 0; } -static int selinux_unregister_security (const char *name, struct security_operations *ops) -{ - if (ops != secondary_ops) { - printk(KERN_ERR "%s: trying to unregister a security module " - "that is not registered.\n", __FUNCTION__); - return -EINVAL; - } - - secondary_ops = original_ops; - - return 0; -} - static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode) { if (inode) @@ -4826,10 +4826,11 @@ static struct security_operations selinux_ops = { .inode_getxattr = selinux_inode_getxattr, .inode_listxattr = selinux_inode_listxattr, .inode_removexattr = selinux_inode_removexattr, - .inode_xattr_getsuffix = selinux_inode_xattr_getsuffix, .inode_getsecurity = selinux_inode_getsecurity, .inode_setsecurity = selinux_inode_setsecurity, .inode_listsecurity = selinux_inode_listsecurity, + .inode_need_killpriv = selinux_inode_need_killpriv, + .inode_killpriv = selinux_inode_killpriv, .file_permission = selinux_file_permission, .file_alloc_security = selinux_file_alloc_security, @@ -4894,7 +4895,6 @@ static struct security_operations selinux_ops = { .sem_semop = selinux_sem_semop, .register_security = selinux_register_security, - .unregister_security = selinux_unregister_security, .d_instantiate = selinux_d_instantiate, diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index ba715f40b65..cb008d9f0a8 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -31,7 +31,6 @@ * 2. Emulating a reasonable SO_PEERSEC across machines * 3. Testing addition of sk_policy's with security context via setsockopt */ -#include <linux/module.h> #include <linux/kernel.h> #include <linux/init.h> #include <linux/security.h> |