Merge tag 'blob-stacking-security-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next-general

+10 -3

Documentation/admin-guide/LSM/index.rst

··· 17 17 specific changes to system operation when these tweaks are not available 18 18 in the core functionality of Linux itself. 19 19 20 - Without a specific LSM built into the kernel, the default LSM will be the 21 - Linux capabilities system. Most LSMs choose to extend the capabilities 22 - system, building their checks on top of the defined capability hooks. 20 + The Linux capabilities modules will always be included. This may be 21 + followed by any number of "minor" modules and at most one "major" module. 23 22 For more details on capabilities, see ``capabilities(7)`` in the Linux 24 23 man-pages project. 25 24 ··· 28 29 order in which checks are made. The capability module will always 29 30 be first, followed by any "minor" modules (e.g. Yama) and then 30 31 the one "major" module (e.g. SELinux) if there is one configured. 32 + 33 + Process attributes associated with "major" security modules should 34 + be accessed and maintained using the special files in ``/proc/.../attr``. 35 + A security module may maintain a module specific subdirectory there, 36 + named after the module. ``/proc/.../attr/smack`` is provided by the Smack 37 + security module and contains all its special files. The files directly 38 + in ``/proc/.../attr`` remain as legacy interfaces for modules that provide 39 + subdirectories. 31 40 32 41 .. toctree:: 33 42 :maxdepth: 1

+4

Documentation/admin-guide/kernel-parameters.txt

··· 2319 2319 2320 2320 lsm.debug [SECURITY] Enable LSM initialization debugging output. 2321 2321 2322 + lsm=lsm1,...,lsmN 2323 + [SECURITY] Choose order of LSM initialization. This 2324 + overrides CONFIG_LSM. 2325 + 2322 2326 machvec= [IA-64] Force the use of a particular machine-vector 2323 2327 (machvec) in a generic kernel. 2324 2328 Example: machvec=hpzx1_swiotlb

+55 -9

fs/proc/base.c

··· 140 140 #define REG(NAME, MODE, fops) \ 141 141 NOD(NAME, (S_IFREG|(MODE)), NULL, &fops, {}) 142 142 #define ONE(NAME, MODE, show) \ 143 - NOD(NAME, (S_IFREG|(MODE)), \ 143 + NOD(NAME, (S_IFREG|(MODE)), \ 144 144 NULL, &proc_single_file_operations, \ 145 145 { .proc_show = show } ) 146 + #define ATTR(LSM, NAME, MODE) \ 147 + NOD(NAME, (S_IFREG|(MODE)), \ 148 + NULL, &proc_pid_attr_operations, \ 149 + { .lsm = LSM }) 146 150 147 151 /* 148 152 * Count the number of hardlinks for the pid_entry table, excluding the . ··· 2529 2525 if (!task) 2530 2526 return -ESRCH; 2531 2527 2532 - length = security_getprocattr(task, 2528 + length = security_getprocattr(task, PROC_I(inode)->op.lsm, 2533 2529 (char*)file->f_path.dentry->d_name.name, 2534 2530 &p); 2535 2531 put_task_struct(task); ··· 2578 2574 if (rv < 0) 2579 2575 goto out_free; 2580 2576 2581 - rv = security_setprocattr(file->f_path.dentry->d_name.name, page, count); 2577 + rv = security_setprocattr(PROC_I(inode)->op.lsm, 2578 + file->f_path.dentry->d_name.name, page, 2579 + count); 2582 2580 mutex_unlock(&current->signal->cred_guard_mutex); 2583 2581 out_free: 2584 2582 kfree(page); ··· 2594 2588 .llseek = generic_file_llseek, 2595 2589 }; 2596 2590 2591 + #define LSM_DIR_OPS(LSM) \ 2592 + static int proc_##LSM##_attr_dir_iterate(struct file *filp, \ 2593 + struct dir_context *ctx) \ 2594 + { \ 2595 + return proc_pident_readdir(filp, ctx, \ 2596 + LSM##_attr_dir_stuff, \ 2597 + ARRAY_SIZE(LSM##_attr_dir_stuff)); \ 2598 + } \ 2599 + \ 2600 + static const struct file_operations proc_##LSM##_attr_dir_ops = { \ 2601 + .read = generic_read_dir, \ 2602 + .iterate = proc_##LSM##_attr_dir_iterate, \ 2603 + .llseek = default_llseek, \ 2604 + }; \ 2605 + \ 2606 + static struct dentry *proc_##LSM##_attr_dir_lookup(struct inode *dir, \ 2607 + struct dentry *dentry, unsigned int flags) \ 2608 + { \ 2609 + return proc_pident_lookup(dir, dentry, \ 2610 + LSM##_attr_dir_stuff, \ 2611 + ARRAY_SIZE(LSM##_attr_dir_stuff)); \ 2612 + } \ 2613 + \ 2614 + static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \ 2615 + .lookup = proc_##LSM##_attr_dir_lookup, \ 2616 + .getattr = pid_getattr, \ 2617 + .setattr = proc_setattr, \ 2618 + } 2619 + 2620 + #ifdef CONFIG_SECURITY_SMACK 2621 + static const struct pid_entry smack_attr_dir_stuff[] = { 2622 + ATTR("smack", "current", 0666), 2623 + }; 2624 + LSM_DIR_OPS(smack); 2625 + #endif 2626 + 2597 2627 static const struct pid_entry attr_dir_stuff[] = { 2598 - REG("current", S_IRUGO|S_IWUGO, proc_pid_attr_operations), 2599 - REG("prev", S_IRUGO, proc_pid_attr_operations), 2600 - REG("exec", S_IRUGO|S_IWUGO, proc_pid_attr_operations), 2601 - REG("fscreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations), 2602 - REG("keycreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations), 2603 - REG("sockcreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations), 2628 + ATTR(NULL, "current", 0666), 2629 + ATTR(NULL, "prev", 0444), 2630 + ATTR(NULL, "exec", 0666), 2631 + ATTR(NULL, "fscreate", 0666), 2632 + ATTR(NULL, "keycreate", 0666), 2633 + ATTR(NULL, "sockcreate", 0666), 2634 + #ifdef CONFIG_SECURITY_SMACK 2635 + DIR("smack", 0555, 2636 + proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), 2637 + #endif 2604 2638 }; 2605 2639 2606 2640 static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx)

+1

fs/proc/internal.h

··· 81 81 int (*proc_show)(struct seq_file *m, 82 82 struct pid_namespace *ns, struct pid *pid, 83 83 struct task_struct *task); 84 + const char *lsm; 84 85 }; 85 86 86 87 struct proc_inode {

-1

include/linux/cred.h

··· 15 15 #include <linux/capability.h> 16 16 #include <linux/init.h> 17 17 #include <linux/key.h> 18 - #include <linux/selinux.h> 19 18 #include <linux/atomic.h> 20 19 #include <linux/uidgid.h> 21 20 #include <linux/sched.h>

+29 -11

include/linux/lsm_hooks.h

··· 2028 2028 } __randomize_layout; 2029 2029 2030 2030 /* 2031 + * Security blob size or offset data. 2032 + */ 2033 + struct lsm_blob_sizes { 2034 + int lbs_cred; 2035 + int lbs_file; 2036 + int lbs_inode; 2037 + int lbs_ipc; 2038 + int lbs_msg_msg; 2039 + int lbs_task; 2040 + }; 2041 + 2042 + /* 2031 2043 * Initializing a security_hook_list structure takes 2032 2044 * up a lot of space in a source file. This macro takes 2033 2045 * care of the common case and reduces the amount of ··· 2054 2042 extern void security_add_hooks(struct security_hook_list *hooks, int count, 2055 2043 char *lsm); 2056 2044 2045 + #define LSM_FLAG_LEGACY_MAJOR BIT(0) 2046 + #define LSM_FLAG_EXCLUSIVE BIT(1) 2047 + 2048 + enum lsm_order { 2049 + LSM_ORDER_FIRST = -1, /* This is only for capabilities. */ 2050 + LSM_ORDER_MUTABLE = 0, 2051 + }; 2052 + 2057 2053 struct lsm_info { 2058 2054 const char *name; /* Required. */ 2055 + enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */ 2056 + unsigned long flags; /* Optional: flags describing LSM */ 2057 + int *enabled; /* Optional: controlled by CONFIG_LSM */ 2059 2058 int (*init)(void); /* Required. */ 2059 + struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */ 2060 2060 }; 2061 2061 2062 2062 extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; ··· 2108 2084 #define __lsm_ro_after_init __ro_after_init 2109 2085 #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ 2110 2086 2111 - extern int __init security_module_enable(const char *module); 2112 - extern void __init capability_add_hooks(void); 2113 - #ifdef CONFIG_SECURITY_YAMA 2114 - extern void __init yama_add_hooks(void); 2115 - #else 2116 - static inline void __init yama_add_hooks(void) { } 2117 - #endif 2118 - #ifdef CONFIG_SECURITY_LOADPIN 2119 - void __init loadpin_add_hooks(void); 2120 - #else 2121 - static inline void loadpin_add_hooks(void) { }; 2087 + extern int lsm_inode_alloc(struct inode *inode); 2088 + 2089 + #ifdef CONFIG_SECURITY 2090 + void __init lsm_early_cred(struct cred *cred); 2091 + void __init lsm_early_task(struct task_struct *task); 2122 2092 #endif 2123 2093 2124 2094 #endif /* ! __LINUX_LSM_HOOKS_H */

+10 -5

include/linux/security.h

··· 366 366 int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, 367 367 unsigned nsops, int alter); 368 368 void security_d_instantiate(struct dentry *dentry, struct inode *inode); 369 - int security_getprocattr(struct task_struct *p, char *name, char **value); 370 - int security_setprocattr(const char *name, void *value, size_t size); 369 + int security_getprocattr(struct task_struct *p, const char *lsm, char *name, 370 + char **value); 371 + int security_setprocattr(const char *lsm, const char *name, void *value, 372 + size_t size); 371 373 int security_netlink_send(struct sock *sk, struct sk_buff *skb); 372 374 int security_ismaclabel(const char *name); 373 375 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); ··· 1114 1112 return 0; 1115 1113 } 1116 1114 1117 - static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode) 1115 + static inline void security_d_instantiate(struct dentry *dentry, 1116 + struct inode *inode) 1118 1117 { } 1119 1118 1120 - static inline int security_getprocattr(struct task_struct *p, char *name, char **value) 1119 + static inline int security_getprocattr(struct task_struct *p, const char *lsm, 1120 + char *name, char **value) 1121 1121 { 1122 1122 return -EINVAL; 1123 1123 } 1124 1124 1125 - static inline int security_setprocattr(char *name, void *value, size_t size) 1125 + static inline int security_setprocattr(const char *lsm, char *name, 1126 + void *value, size_t size) 1126 1127 { 1127 1128 return -EINVAL; 1128 1129 }

-35

include/linux/selinux.h

··· 1 - /* 2 - * SELinux services exported to the rest of the kernel. 3 - * 4 - * Author: James Morris <jmorris@redhat.com> 5 - * 6 - * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com> 7 - * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 8 - * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com> 9 - * 10 - * This program is free software; you can redistribute it and/or modify 11 - * it under the terms of the GNU General Public License version 2, 12 - * as published by the Free Software Foundation. 13 - */ 14 - #ifndef _LINUX_SELINUX_H 15 - #define _LINUX_SELINUX_H 16 - 17 - struct selinux_audit_rule; 18 - struct audit_context; 19 - struct kern_ipc_perm; 20 - 21 - #ifdef CONFIG_SECURITY_SELINUX 22 - 23 - /** 24 - * selinux_is_enabled - is SELinux enabled? 25 - */ 26 - bool selinux_is_enabled(void); 27 - #else 28 - 29 - static inline bool selinux_is_enabled(void) 30 - { 31 - return false; 32 - } 33 - #endif /* CONFIG_SECURITY_SELINUX */ 34 - 35 - #endif /* _LINUX_SELINUX_H */

-13

kernel/cred.c

··· 760 760 { 761 761 if (cred->magic != CRED_MAGIC) 762 762 return true; 763 - #ifdef CONFIG_SECURITY_SELINUX 764 - /* 765 - * cred->security == NULL if security_cred_alloc_blank() or 766 - * security_prepare_creds() returned an error. 767 - */ 768 - if (selinux_is_enabled() && cred->security) { 769 - if ((unsigned long) cred->security < PAGE_SIZE) 770 - return true; 771 - if ((*(u32 *)cred->security & 0xffffff00) == 772 - (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)) 773 - return true; 774 - } 775 - #endif 776 763 return false; 777 764 } 778 765 EXPORT_SYMBOL(creds_are_invalid);

+7 -34

security/Kconfig

··· 239 239 240 240 source "security/integrity/Kconfig" 241 241 242 - choice 243 - prompt "Default security module" 244 - default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX 245 - default DEFAULT_SECURITY_SMACK if SECURITY_SMACK 246 - default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO 247 - default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR 248 - default DEFAULT_SECURITY_DAC 249 - 242 + config LSM 243 + string "Ordered list of enabled LSMs" 244 + default "yama,loadpin,integrity,selinux,smack,tomoyo,apparmor" 250 245 help 251 - Select the security module that will be used by default if the 252 - kernel parameter security= is not specified. 246 + A comma-separated list of LSMs, in initialization order. 247 + Any LSMs left off this list will be ignored. This can be 248 + controlled at boot with the "lsm=" parameter. 253 249 254 - config DEFAULT_SECURITY_SELINUX 255 - bool "SELinux" if SECURITY_SELINUX=y 256 - 257 - config DEFAULT_SECURITY_SMACK 258 - bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y 259 - 260 - config DEFAULT_SECURITY_TOMOYO 261 - bool "TOMOYO" if SECURITY_TOMOYO=y 262 - 263 - config DEFAULT_SECURITY_APPARMOR 264 - bool "AppArmor" if SECURITY_APPARMOR=y 265 - 266 - config DEFAULT_SECURITY_DAC 267 - bool "Unix Discretionary Access Controls" 268 - 269 - endchoice 270 - 271 - config DEFAULT_SECURITY 272 - string 273 - default "selinux" if DEFAULT_SECURITY_SELINUX 274 - default "smack" if DEFAULT_SECURITY_SMACK 275 - default "tomoyo" if DEFAULT_SECURITY_TOMOYO 276 - default "apparmor" if DEFAULT_SECURITY_APPARMOR 277 - default "" if DEFAULT_SECURITY_DAC 250 + If unsure, leave this as the default. 278 251 279 252 endmenu 280 253

-16

security/apparmor/Kconfig

··· 14 14 15 15 If you are unsure how to answer this question, answer N. 16 16 17 - config SECURITY_APPARMOR_BOOTPARAM_VALUE 18 - int "AppArmor boot parameter default value" 19 - depends on SECURITY_APPARMOR 20 - range 0 1 21 - default 1 22 - help 23 - This option sets the default value for the kernel parameter 24 - 'apparmor', which allows AppArmor to be enabled or disabled 25 - at boot. If this option is set to 0 (zero), the AppArmor 26 - kernel parameter will default to 0, disabling AppArmor at 27 - boot. If this option is set to 1 (one), the AppArmor 28 - kernel parameter will default to 1, enabling AppArmor at 29 - boot. 30 - 31 - If you are unsure how to answer this question, answer 1. 32 - 33 17 config SECURITY_APPARMOR_HASH 34 18 bool "Enable introspection of sha1 hashes for loaded profiles" 35 19 depends on SECURITY_APPARMOR

+1 -1

security/apparmor/domain.c

··· 975 975 } 976 976 aa_put_label(cred_label(bprm->cred)); 977 977 /* transfer reference, released when cred is freed */ 978 - cred_label(bprm->cred) = new; 978 + set_cred_label(bprm->cred, new); 979 979 980 980 done: 981 981 aa_put_label(label);

+15 -1

security/apparmor/include/cred.h

··· 23 23 #include "policy_ns.h" 24 24 #include "task.h" 25 25 26 - #define cred_label(X) ((X)->security) 26 + static inline struct aa_label *cred_label(const struct cred *cred) 27 + { 28 + struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; 27 29 30 + AA_BUG(!blob); 31 + return *blob; 32 + } 33 + 34 + static inline void set_cred_label(const struct cred *cred, 35 + struct aa_label *label) 36 + { 37 + struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; 38 + 39 + AA_BUG(!blob); 40 + *blob = label; 41 + } 28 42 29 43 /** 30 44 * aa_cred_raw_label - obtain cred's label

+4 -1

security/apparmor/include/file.h

··· 32 32 AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \ 33 33 AA_EXEC_MMAP | AA_MAY_LINK) 34 34 35 - #define file_ctx(X) ((struct aa_file_ctx *)(X)->f_security) 35 + static inline struct aa_file_ctx *file_ctx(struct file *file) 36 + { 37 + return file->f_security + apparmor_blob_sizes.lbs_file; 38 + } 36 39 37 40 /* struct aa_file_ctx - the AppArmor context the file was opened in 38 41 * @lock: lock to update the ctx

+4

security/apparmor/include/lib.h

··· 16 16 17 17 #include <linux/slab.h> 18 18 #include <linux/fs.h> 19 + #include <linux/lsm_hooks.h> 19 20 20 21 #include "match.h" 21 22 ··· 55 54 const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name, 56 55 size_t *ns_len); 57 56 void aa_info_message(const char *str); 57 + 58 + /* Security blob offsets */ 59 + extern struct lsm_blob_sizes apparmor_blob_sizes; 58 60 59 61 /** 60 62 * aa_strneq - compare null terminated @str to a non null terminated substring

+4 -14

security/apparmor/include/task.h

··· 14 14 #ifndef __AA_TASK_H 15 15 #define __AA_TASK_H 16 16 17 - #define task_ctx(X) ((X)->security) 17 + static inline struct aa_task_ctx *task_ctx(struct task_struct *task) 18 + { 19 + return task->security; 20 + } 18 21 19 22 /* 20 23 * struct aa_task_ctx - information for current task label change ··· 40 37 struct aa_label *aa_get_task_label(struct task_struct *task); 41 38 42 39 /** 43 - * aa_alloc_task_ctx - allocate a new task_ctx 44 - * @flags: gfp flags for allocation 45 - * 46 - * Returns: allocated buffer or NULL on failure 47 - */ 48 - static inline struct aa_task_ctx *aa_alloc_task_ctx(gfp_t flags) 49 - { 50 - return kzalloc(sizeof(struct aa_task_ctx), flags); 51 - } 52 - 53 - /** 54 40 * aa_free_task_ctx - free a task_ctx 55 41 * @ctx: task_ctx to free (MAYBE NULL) 56 42 */ ··· 49 57 aa_put_label(ctx->nnp); 50 58 aa_put_label(ctx->previous); 51 59 aa_put_label(ctx->onexec); 52 - 53 - kzfree(ctx); 54 60 } 55 61 } 56 62

+31 -34

security/apparmor/lsm.c

··· 60 60 static void apparmor_cred_free(struct cred *cred) 61 61 { 62 62 aa_put_label(cred_label(cred)); 63 - cred_label(cred) = NULL; 63 + set_cred_label(cred, NULL); 64 64 } 65 65 66 66 /* ··· 68 68 */ 69 69 static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) 70 70 { 71 - cred_label(cred) = NULL; 71 + set_cred_label(cred, NULL); 72 72 return 0; 73 73 } 74 74 ··· 78 78 static int apparmor_cred_prepare(struct cred *new, const struct cred *old, 79 79 gfp_t gfp) 80 80 { 81 - cred_label(new) = aa_get_newest_label(cred_label(old)); 81 + set_cred_label(new, aa_get_newest_label(cred_label(old))); 82 82 return 0; 83 83 } 84 84 ··· 87 87 */ 88 88 static void apparmor_cred_transfer(struct cred *new, const struct cred *old) 89 89 { 90 - cred_label(new) = aa_get_newest_label(cred_label(old)); 90 + set_cred_label(new, aa_get_newest_label(cred_label(old))); 91 91 } 92 92 93 93 static void apparmor_task_free(struct task_struct *task) 94 94 { 95 95 96 96 aa_free_task_ctx(task_ctx(task)); 97 - task_ctx(task) = NULL; 98 97 } 99 98 100 99 static int apparmor_task_alloc(struct task_struct *task, 101 100 unsigned long clone_flags) 102 101 { 103 - struct aa_task_ctx *new = aa_alloc_task_ctx(GFP_KERNEL); 104 - 105 - if (!new) 106 - return -ENOMEM; 102 + struct aa_task_ctx *new = task_ctx(task); 107 103 108 104 aa_dup_task_ctx(new, task_ctx(current)); 109 - task_ctx(task) = new; 110 105 111 106 return 0; 112 107 } ··· 429 434 430 435 static int apparmor_file_alloc_security(struct file *file) 431 436 { 432 - int error = 0; 433 - 434 - /* freed by apparmor_file_free_security */ 437 + struct aa_file_ctx *ctx = file_ctx(file); 435 438 struct aa_label *label = begin_current_label_crit_section(); 436 - file->f_security = aa_alloc_file_ctx(label, GFP_KERNEL); 437 - if (!file_ctx(file)) 438 - error = -ENOMEM; 439 - end_current_label_crit_section(label); 440 439 441 - return error; 440 + spin_lock_init(&ctx->lock); 441 + rcu_assign_pointer(ctx->label, aa_get_label(label)); 442 + end_current_label_crit_section(label); 443 + return 0; 442 444 } 443 445 444 446 static void apparmor_file_free_security(struct file *file) 445 447 { 446 - aa_free_file_ctx(file_ctx(file)); 448 + struct aa_file_ctx *ctx = file_ctx(file); 449 + 450 + if (ctx) 451 + aa_put_label(rcu_access_pointer(ctx->label)); 447 452 } 448 453 449 454 static int common_file_perm(const char *op, struct file *file, u32 mask) ··· 1146 1151 } 1147 1152 #endif 1148 1153 1154 + /* 1155 + * The cred blob is a pointer to, not an instance of, an aa_task_ctx. 1156 + */ 1157 + struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { 1158 + .lbs_cred = sizeof(struct aa_task_ctx *), 1159 + .lbs_file = sizeof(struct aa_file_ctx), 1160 + .lbs_task = sizeof(struct aa_task_ctx), 1161 + }; 1162 + 1149 1163 static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { 1150 1164 LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), 1151 1165 LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), ··· 1337 1333 module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO); 1338 1334 1339 1335 /* Boot time disable flag */ 1340 - static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; 1341 - module_param_named(enabled, apparmor_enabled, bool, S_IRUGO); 1336 + static int apparmor_enabled __lsm_ro_after_init = 1; 1337 + module_param_named(enabled, apparmor_enabled, int, 0444); 1342 1338 1343 1339 static int __init apparmor_enabled_setup(char *str) 1344 1340 { ··· 1483 1479 static int __init set_init_ctx(void) 1484 1480 { 1485 1481 struct cred *cred = (struct cred *)current->real_cred; 1486 - struct aa_task_ctx *ctx; 1487 1482 1488 - ctx = aa_alloc_task_ctx(GFP_KERNEL); 1489 - if (!ctx) 1490 - return -ENOMEM; 1491 - 1492 - cred_label(cred) = aa_get_label(ns_unconfined(root_ns)); 1493 - task_ctx(current) = ctx; 1483 + lsm_early_cred(cred); 1484 + lsm_early_task(current); 1485 + set_cred_label(cred, aa_get_label(ns_unconfined(root_ns))); 1494 1486 1495 1487 return 0; 1496 1488 } ··· 1663 1663 { 1664 1664 int error; 1665 1665 1666 - if (!apparmor_enabled || !security_module_enable("apparmor")) { 1667 - aa_info_message("AppArmor disabled by boot time parameter"); 1668 - apparmor_enabled = false; 1669 - return 0; 1670 - } 1671 - 1672 1666 aa_secids_init(); 1673 1667 1674 1668 error = aa_setup_dfa_engine(); ··· 1723 1729 1724 1730 DEFINE_LSM(apparmor) = { 1725 1731 .name = "apparmor", 1732 + .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 1733 + .enabled = &apparmor_enabled, 1734 + .blobs = &apparmor_blob_sizes, 1726 1735 .init = apparmor_init, 1727 1736 };

+3 -3

security/apparmor/task.c

··· 81 81 */ 82 82 aa_get_label(label); 83 83 aa_put_label(cred_label(new)); 84 - cred_label(new) = label; 84 + set_cred_label(new, label); 85 85 86 86 commit_creds(new); 87 87 return 0; ··· 138 138 return -EACCES; 139 139 } 140 140 141 - cred_label(new) = aa_get_newest_label(label); 141 + set_cred_label(new, aa_get_newest_label(label)); 142 142 /* clear exec on switching context */ 143 143 aa_put_label(ctx->onexec); 144 144 ctx->onexec = NULL; ··· 172 172 return -ENOMEM; 173 173 174 174 aa_put_label(cred_label(new)); 175 - cred_label(new) = aa_get_newest_label(ctx->previous); 175 + set_cred_label(new, aa_get_newest_label(ctx->previous)); 176 176 AA_BUG(!cred_label(new)); 177 177 /* clear exec && prev information when restoring to previous context */ 178 178 aa_clear_task_ctx_trans(ctx);

+8 -1

security/commoncap.c

··· 1362 1362 LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory), 1363 1363 }; 1364 1364 1365 - void __init capability_add_hooks(void) 1365 + static int __init capability_init(void) 1366 1366 { 1367 1367 security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), 1368 1368 "capability"); 1369 + return 0; 1369 1370 } 1371 + 1372 + DEFINE_LSM(capability) = { 1373 + .name = "capability", 1374 + .order = LSM_ORDER_FIRST, 1375 + .init = capability_init, 1376 + }; 1370 1377 1371 1378 #endif /* CONFIG_SECURITY */

+7 -1

security/loadpin/loadpin.c

··· 187 187 LSM_HOOK_INIT(kernel_load_data, loadpin_load_data), 188 188 }; 189 189 190 - void __init loadpin_add_hooks(void) 190 + static int __init loadpin_init(void) 191 191 { 192 192 pr_info("ready to pin (currently %senforcing)\n", 193 193 enforce ? "" : "not "); 194 194 security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); 195 + return 0; 195 196 } 197 + 198 + DEFINE_LSM(loadpin) = { 199 + .name = "loadpin", 200 + .init = loadpin_init, 201 + }; 196 202 197 203 /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */ 198 204 module_param(enforce, int, 0);

+576 -59

security/security.c

··· 30 30 #include <linux/personality.h> 31 31 #include <linux/backing-dev.h> 32 32 #include <linux/string.h> 33 + #include <linux/msg.h> 33 34 #include <net/flow.h> 34 35 35 36 #define MAX_LSM_EVM_XATTR 2 36 37 37 - /* Maximum number of letters for an LSM name string */ 38 - #define SECURITY_NAME_MAX 10 38 + /* How many LSMs were built into the kernel? */ 39 + #define LSM_COUNT (__end_lsm_info - __start_lsm_info) 39 40 40 41 struct security_hook_heads security_hook_heads __lsm_ro_after_init; 41 42 static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); 42 43 44 + static struct kmem_cache *lsm_file_cache; 45 + static struct kmem_cache *lsm_inode_cache; 46 + 43 47 char *lsm_names; 48 + static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init; 49 + 44 50 /* Boot-time LSM user choice */ 45 - static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = 46 - CONFIG_DEFAULT_SECURITY; 51 + static __initdata const char *chosen_lsm_order; 52 + static __initdata const char *chosen_major_lsm; 53 + 54 + static __initconst const char * const builtin_lsm_order = CONFIG_LSM; 55 + 56 + /* Ordered list of LSMs to initialize. */ 57 + static __initdata struct lsm_info **ordered_lsms; 58 + static __initdata struct lsm_info *exclusive; 47 59 48 60 static __initdata bool debug; 49 61 #define init_debug(...) \ ··· 64 52 pr_info(__VA_ARGS__); \ 65 53 } while (0) 66 54 67 - static void __init major_lsm_init(void) 55 + static bool __init is_enabled(struct lsm_info *lsm) 68 56 { 69 - struct lsm_info *lsm; 70 - int ret; 57 + if (!lsm->enabled) 58 + return false; 71 59 72 - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { 60 + return *lsm->enabled; 61 + } 62 + 63 + /* Mark an LSM's enabled flag. */ 64 + static int lsm_enabled_true __initdata = 1; 65 + static int lsm_enabled_false __initdata = 0; 66 + static void __init set_enabled(struct lsm_info *lsm, bool enabled) 67 + { 68 + /* 69 + * When an LSM hasn't configured an enable variable, we can use 70 + * a hard-coded location for storing the default enabled state. 71 + */ 72 + if (!lsm->enabled) { 73 + if (enabled) 74 + lsm->enabled = &lsm_enabled_true; 75 + else 76 + lsm->enabled = &lsm_enabled_false; 77 + } else if (lsm->enabled == &lsm_enabled_true) { 78 + if (!enabled) 79 + lsm->enabled = &lsm_enabled_false; 80 + } else if (lsm->enabled == &lsm_enabled_false) { 81 + if (enabled) 82 + lsm->enabled = &lsm_enabled_true; 83 + } else { 84 + *lsm->enabled = enabled; 85 + } 86 + } 87 + 88 + /* Is an LSM already listed in the ordered LSMs list? */ 89 + static bool __init exists_ordered_lsm(struct lsm_info *lsm) 90 + { 91 + struct lsm_info **check; 92 + 93 + for (check = ordered_lsms; *check; check++) 94 + if (*check == lsm) 95 + return true; 96 + 97 + return false; 98 + } 99 + 100 + /* Append an LSM to the list of ordered LSMs to initialize. */ 101 + static int last_lsm __initdata; 102 + static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) 103 + { 104 + /* Ignore duplicate selections. */ 105 + if (exists_ordered_lsm(lsm)) 106 + return; 107 + 108 + if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from)) 109 + return; 110 + 111 + /* Enable this LSM, if it is not already set. */ 112 + if (!lsm->enabled) 113 + lsm->enabled = &lsm_enabled_true; 114 + ordered_lsms[last_lsm++] = lsm; 115 + 116 + init_debug("%s ordering: %s (%sabled)\n", from, lsm->name, 117 + is_enabled(lsm) ? "en" : "dis"); 118 + } 119 + 120 + /* Is an LSM allowed to be initialized? */ 121 + static bool __init lsm_allowed(struct lsm_info *lsm) 122 + { 123 + /* Skip if the LSM is disabled. */ 124 + if (!is_enabled(lsm)) 125 + return false; 126 + 127 + /* Not allowed if another exclusive LSM already initialized. */ 128 + if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { 129 + init_debug("exclusive disabled: %s\n", lsm->name); 130 + return false; 131 + } 132 + 133 + return true; 134 + } 135 + 136 + static void __init lsm_set_blob_size(int *need, int *lbs) 137 + { 138 + int offset; 139 + 140 + if (*need > 0) { 141 + offset = *lbs; 142 + *lbs += *need; 143 + *need = offset; 144 + } 145 + } 146 + 147 + static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) 148 + { 149 + if (!needed) 150 + return; 151 + 152 + lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred); 153 + lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file); 154 + /* 155 + * The inode blob gets an rcu_head in addition to 156 + * what the modules might need. 157 + */ 158 + if (needed->lbs_inode && blob_sizes.lbs_inode == 0) 159 + blob_sizes.lbs_inode = sizeof(struct rcu_head); 160 + lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); 161 + lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); 162 + lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); 163 + lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); 164 + } 165 + 166 + /* Prepare LSM for initialization. */ 167 + static void __init prepare_lsm(struct lsm_info *lsm) 168 + { 169 + int enabled = lsm_allowed(lsm); 170 + 171 + /* Record enablement (to handle any following exclusive LSMs). */ 172 + set_enabled(lsm, enabled); 173 + 174 + /* If enabled, do pre-initialization work. */ 175 + if (enabled) { 176 + if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { 177 + exclusive = lsm; 178 + init_debug("exclusive chosen: %s\n", lsm->name); 179 + } 180 + 181 + lsm_set_blob_sizes(lsm->blobs); 182 + } 183 + } 184 + 185 + /* Initialize a given LSM, if it is enabled. */ 186 + static void __init initialize_lsm(struct lsm_info *lsm) 187 + { 188 + if (is_enabled(lsm)) { 189 + int ret; 190 + 73 191 init_debug("initializing %s\n", lsm->name); 74 192 ret = lsm->init(); 75 193 WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); 76 194 } 195 + } 196 + 197 + /* Populate ordered LSMs list from comma-separated LSM name list. */ 198 + static void __init ordered_lsm_parse(const char *order, const char *origin) 199 + { 200 + struct lsm_info *lsm; 201 + char *sep, *name, *next; 202 + 203 + /* LSM_ORDER_FIRST is always first. */ 204 + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { 205 + if (lsm->order == LSM_ORDER_FIRST) 206 + append_ordered_lsm(lsm, "first"); 207 + } 208 + 209 + /* Process "security=", if given. */ 210 + if (chosen_major_lsm) { 211 + struct lsm_info *major; 212 + 213 + /* 214 + * To match the original "security=" behavior, this 215 + * explicitly does NOT fallback to another Legacy Major 216 + * if the selected one was separately disabled: disable 217 + * all non-matching Legacy Major LSMs. 218 + */ 219 + for (major = __start_lsm_info; major < __end_lsm_info; 220 + major++) { 221 + if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && 222 + strcmp(major->name, chosen_major_lsm) != 0) { 223 + set_enabled(major, false); 224 + init_debug("security=%s disabled: %s\n", 225 + chosen_major_lsm, major->name); 226 + } 227 + } 228 + } 229 + 230 + sep = kstrdup(order, GFP_KERNEL); 231 + next = sep; 232 + /* Walk the list, looking for matching LSMs. */ 233 + while ((name = strsep(&next, ",")) != NULL) { 234 + bool found = false; 235 + 236 + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { 237 + if (lsm->order == LSM_ORDER_MUTABLE && 238 + strcmp(lsm->name, name) == 0) { 239 + append_ordered_lsm(lsm, origin); 240 + found = true; 241 + } 242 + } 243 + 244 + if (!found) 245 + init_debug("%s ignored: %s\n", origin, name); 246 + } 247 + 248 + /* Process "security=", if given. */ 249 + if (chosen_major_lsm) { 250 + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { 251 + if (exists_ordered_lsm(lsm)) 252 + continue; 253 + if (strcmp(lsm->name, chosen_major_lsm) == 0) 254 + append_ordered_lsm(lsm, "security="); 255 + } 256 + } 257 + 258 + /* Disable all LSMs not in the ordered list. */ 259 + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { 260 + if (exists_ordered_lsm(lsm)) 261 + continue; 262 + set_enabled(lsm, false); 263 + init_debug("%s disabled: %s\n", origin, lsm->name); 264 + } 265 + 266 + kfree(sep); 267 + } 268 + 269 + static void __init ordered_lsm_init(void) 270 + { 271 + struct lsm_info **lsm; 272 + 273 + ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), 274 + GFP_KERNEL); 275 + 276 + if (chosen_lsm_order) 277 + ordered_lsm_parse(chosen_lsm_order, "cmdline"); 278 + else 279 + ordered_lsm_parse(builtin_lsm_order, "builtin"); 280 + 281 + for (lsm = ordered_lsms; *lsm; lsm++) 282 + prepare_lsm(*lsm); 283 + 284 + init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); 285 + init_debug("file blob size = %d\n", blob_sizes.lbs_file); 286 + init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); 287 + init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); 288 + init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); 289 + init_debug("task blob size = %d\n", blob_sizes.lbs_task); 290 + 291 + /* 292 + * Create any kmem_caches needed for blobs 293 + */ 294 + if (blob_sizes.lbs_file) 295 + lsm_file_cache = kmem_cache_create("lsm_file_cache", 296 + blob_sizes.lbs_file, 0, 297 + SLAB_PANIC, NULL); 298 + if (blob_sizes.lbs_inode) 299 + lsm_inode_cache = kmem_cache_create("lsm_inode_cache", 300 + blob_sizes.lbs_inode, 0, 301 + SLAB_PANIC, NULL); 302 + 303 + for (lsm = ordered_lsms; *lsm; lsm++) 304 + initialize_lsm(*lsm); 305 + 306 + kfree(ordered_lsms); 77 307 } 78 308 79 309 /** ··· 334 80 i++) 335 81 INIT_HLIST_HEAD(&list[i]); 336 82 337 - /* 338 - * Load minor LSMs, with the capability module always first. 339 - */ 340 - capability_add_hooks(); 341 - yama_add_hooks(); 342 - loadpin_add_hooks(); 343 - 344 - /* 345 - * Load all the remaining security modules. 346 - */ 347 - major_lsm_init(); 83 + /* Load LSMs in specified order. */ 84 + ordered_lsm_init(); 348 85 349 86 return 0; 350 87 } 351 88 352 89 /* Save user chosen LSM */ 353 - static int __init choose_lsm(char *str) 90 + static int __init choose_major_lsm(char *str) 354 91 { 355 - strncpy(chosen_lsm, str, SECURITY_NAME_MAX); 92 + chosen_major_lsm = str; 356 93 return 1; 357 94 } 358 - __setup("security=", choose_lsm); 95 + __setup("security=", choose_major_lsm); 96 + 97 + /* Explicitly choose LSM initialization order. */ 98 + static int __init choose_lsm_order(char *str) 99 + { 100 + chosen_lsm_order = str; 101 + return 1; 102 + } 103 + __setup("lsm=", choose_lsm_order); 359 104 360 105 /* Enable LSM order debugging. */ 361 106 static int __init enable_debug(char *str) ··· 401 148 } 402 149 403 150 /** 404 - * security_module_enable - Load given security module on boot ? 405 - * @module: the name of the module 406 - * 407 - * Each LSM must pass this method before registering its own operations 408 - * to avoid security registration races. This method may also be used 409 - * to check if your LSM is currently loaded during kernel initialization. 410 - * 411 - * Returns: 412 - * 413 - * true if: 414 - * 415 - * - The passed LSM is the one chosen by user at boot time, 416 - * - or the passed LSM is configured as the default and the user did not 417 - * choose an alternate LSM at boot time. 418 - * 419 - * Otherwise, return false. 420 - */ 421 - int __init security_module_enable(const char *module) 422 - { 423 - return !strcmp(module, chosen_lsm); 424 - } 425 - 426 - /** 427 151 * security_add_hooks - Add a modules hooks to the hook lists. 428 152 * @hooks: the hooks to add 429 153 * @count: the number of hooks to add ··· 438 208 return atomic_notifier_chain_unregister(&lsm_notifier_chain, nb); 439 209 } 440 210 EXPORT_SYMBOL(unregister_lsm_notifier); 211 + 212 + /** 213 + * lsm_cred_alloc - allocate a composite cred blob 214 + * @cred: the cred that needs a blob 215 + * @gfp: allocation type 216 + * 217 + * Allocate the cred blob for all the modules 218 + * 219 + * Returns 0, or -ENOMEM if memory can't be allocated. 220 + */ 221 + static int lsm_cred_alloc(struct cred *cred, gfp_t gfp) 222 + { 223 + if (blob_sizes.lbs_cred == 0) { 224 + cred->security = NULL; 225 + return 0; 226 + } 227 + 228 + cred->security = kzalloc(blob_sizes.lbs_cred, gfp); 229 + if (cred->security == NULL) 230 + return -ENOMEM; 231 + return 0; 232 + } 233 + 234 + /** 235 + * lsm_early_cred - during initialization allocate a composite cred blob 236 + * @cred: the cred that needs a blob 237 + * 238 + * Allocate the cred blob for all the modules if it's not already there 239 + */ 240 + void __init lsm_early_cred(struct cred *cred) 241 + { 242 + int rc; 243 + 244 + if (cred == NULL) 245 + panic("%s: NULL cred.\n", __func__); 246 + if (cred->security != NULL) 247 + return; 248 + rc = lsm_cred_alloc(cred, GFP_KERNEL); 249 + if (rc) 250 + panic("%s: Early cred alloc failed.\n", __func__); 251 + } 252 + 253 + /** 254 + * lsm_file_alloc - allocate a composite file blob 255 + * @file: the file that needs a blob 256 + * 257 + * Allocate the file blob for all the modules 258 + * 259 + * Returns 0, or -ENOMEM if memory can't be allocated. 260 + */ 261 + static int lsm_file_alloc(struct file *file) 262 + { 263 + if (!lsm_file_cache) { 264 + file->f_security = NULL; 265 + return 0; 266 + } 267 + 268 + file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL); 269 + if (file->f_security == NULL) 270 + return -ENOMEM; 271 + return 0; 272 + } 273 + 274 + /** 275 + * lsm_inode_alloc - allocate a composite inode blob 276 + * @inode: the inode that needs a blob 277 + * 278 + * Allocate the inode blob for all the modules 279 + * 280 + * Returns 0, or -ENOMEM if memory can't be allocated. 281 + */ 282 + int lsm_inode_alloc(struct inode *inode) 283 + { 284 + if (!lsm_inode_cache) { 285 + inode->i_security = NULL; 286 + return 0; 287 + } 288 + 289 + inode->i_security = kmem_cache_zalloc(lsm_inode_cache, GFP_NOFS); 290 + if (inode->i_security == NULL) 291 + return -ENOMEM; 292 + return 0; 293 + } 294 + 295 + /** 296 + * lsm_task_alloc - allocate a composite task blob 297 + * @task: the task that needs a blob 298 + * 299 + * Allocate the task blob for all the modules 300 + * 301 + * Returns 0, or -ENOMEM if memory can't be allocated. 302 + */ 303 + int lsm_task_alloc(struct task_struct *task) 304 + { 305 + if (blob_sizes.lbs_task == 0) { 306 + task->security = NULL; 307 + return 0; 308 + } 309 + 310 + task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); 311 + if (task->security == NULL) 312 + return -ENOMEM; 313 + return 0; 314 + } 315 + 316 + /** 317 + * lsm_ipc_alloc - allocate a composite ipc blob 318 + * @kip: the ipc that needs a blob 319 + * 320 + * Allocate the ipc blob for all the modules 321 + * 322 + * Returns 0, or -ENOMEM if memory can't be allocated. 323 + */ 324 + int lsm_ipc_alloc(struct kern_ipc_perm *kip) 325 + { 326 + if (blob_sizes.lbs_ipc == 0) { 327 + kip->security = NULL; 328 + return 0; 329 + } 330 + 331 + kip->security = kzalloc(blob_sizes.lbs_ipc, GFP_KERNEL); 332 + if (kip->security == NULL) 333 + return -ENOMEM; 334 + return 0; 335 + } 336 + 337 + /** 338 + * lsm_msg_msg_alloc - allocate a composite msg_msg blob 339 + * @mp: the msg_msg that needs a blob 340 + * 341 + * Allocate the ipc blob for all the modules 342 + * 343 + * Returns 0, or -ENOMEM if memory can't be allocated. 344 + */ 345 + int lsm_msg_msg_alloc(struct msg_msg *mp) 346 + { 347 + if (blob_sizes.lbs_msg_msg == 0) { 348 + mp->security = NULL; 349 + return 0; 350 + } 351 + 352 + mp->security = kzalloc(blob_sizes.lbs_msg_msg, GFP_KERNEL); 353 + if (mp->security == NULL) 354 + return -ENOMEM; 355 + return 0; 356 + } 357 + 358 + /** 359 + * lsm_early_task - during initialization allocate a composite task blob 360 + * @task: the task that needs a blob 361 + * 362 + * Allocate the task blob for all the modules if it's not already there 363 + */ 364 + void __init lsm_early_task(struct task_struct *task) 365 + { 366 + int rc; 367 + 368 + if (task == NULL) 369 + panic("%s: task cred.\n", __func__); 370 + if (task->security != NULL) 371 + return; 372 + rc = lsm_task_alloc(task); 373 + if (rc) 374 + panic("%s: Early task alloc failed.\n", __func__); 375 + } 441 376 442 377 /* 443 378 * Hook list operation macros. ··· 863 468 864 469 int security_inode_alloc(struct inode *inode) 865 470 { 866 - inode->i_security = NULL; 867 - return call_int_hook(inode_alloc_security, 0, inode); 471 + int rc = lsm_inode_alloc(inode); 472 + 473 + if (unlikely(rc)) 474 + return rc; 475 + rc = call_int_hook(inode_alloc_security, 0, inode); 476 + if (unlikely(rc)) 477 + security_inode_free(inode); 478 + return rc; 479 + } 480 + 481 + static void inode_free_by_rcu(struct rcu_head *head) 482 + { 483 + /* 484 + * The rcu head is at the start of the inode blob 485 + */ 486 + kmem_cache_free(lsm_inode_cache, head); 868 487 } 869 488 870 489 void security_inode_free(struct inode *inode) 871 490 { 872 491 integrity_inode_free(inode); 873 492 call_void_hook(inode_free_security, inode); 493 + /* 494 + * The inode may still be referenced in a path walk and 495 + * a call to security_inode_permission() can be made 496 + * after inode_free_security() is called. Ideally, the VFS 497 + * wouldn't do this, but fixing that is a much harder 498 + * job. For now, simply free the i_security via RCU, and 499 + * leave the current inode->i_security pointer intact. 500 + * The inode will be freed after the RCU grace period too. 501 + */ 502 + if (inode->i_security) 503 + call_rcu((struct rcu_head *)inode->i_security, 504 + inode_free_by_rcu); 874 505 } 875 506 876 507 int security_dentry_init_security(struct dentry *dentry, int mode, ··· 1326 905 1327 906 int security_file_alloc(struct file *file) 1328 907 { 1329 - return call_int_hook(file_alloc_security, 0, file); 908 + int rc = lsm_file_alloc(file); 909 + 910 + if (rc) 911 + return rc; 912 + rc = call_int_hook(file_alloc_security, 0, file); 913 + if (unlikely(rc)) 914 + security_file_free(file); 915 + return rc; 1330 916 } 1331 917 1332 918 void security_file_free(struct file *file) 1333 919 { 920 + void *blob; 921 + 1334 922 call_void_hook(file_free_security, file); 923 + 924 + blob = file->f_security; 925 + if (blob) { 926 + file->f_security = NULL; 927 + kmem_cache_free(lsm_file_cache, blob); 928 + } 1335 929 } 1336 930 1337 931 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) ··· 1448 1012 1449 1013 int security_task_alloc(struct task_struct *task, unsigned long clone_flags) 1450 1014 { 1451 - return call_int_hook(task_alloc, 0, task, clone_flags); 1015 + int rc = lsm_task_alloc(task); 1016 + 1017 + if (rc) 1018 + return rc; 1019 + rc = call_int_hook(task_alloc, 0, task, clone_flags); 1020 + if (unlikely(rc)) 1021 + security_task_free(task); 1022 + return rc; 1452 1023 } 1453 1024 1454 1025 void security_task_free(struct task_struct *task) 1455 1026 { 1456 1027 call_void_hook(task_free, task); 1028 + 1029 + kfree(task->security); 1030 + task->security = NULL; 1457 1031 } 1458 1032 1459 1033 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1460 1034 { 1461 - return call_int_hook(cred_alloc_blank, 0, cred, gfp); 1035 + int rc = lsm_cred_alloc(cred, gfp); 1036 + 1037 + if (rc) 1038 + return rc; 1039 + 1040 + rc = call_int_hook(cred_alloc_blank, 0, cred, gfp); 1041 + if (unlikely(rc)) 1042 + security_cred_free(cred); 1043 + return rc; 1462 1044 } 1463 1045 1464 1046 void security_cred_free(struct cred *cred) 1465 1047 { 1466 1048 call_void_hook(cred_free, cred); 1049 + 1050 + kfree(cred->security); 1051 + cred->security = NULL; 1467 1052 } 1468 1053 1469 1054 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) 1470 1055 { 1471 - return call_int_hook(cred_prepare, 0, new, old, gfp); 1056 + int rc = lsm_cred_alloc(new, gfp); 1057 + 1058 + if (rc) 1059 + return rc; 1060 + 1061 + rc = call_int_hook(cred_prepare, 0, new, old, gfp); 1062 + if (unlikely(rc)) 1063 + security_cred_free(new); 1064 + return rc; 1472 1065 } 1473 1066 1474 1067 void security_transfer_creds(struct cred *new, const struct cred *old) ··· 1678 1213 1679 1214 int security_msg_msg_alloc(struct msg_msg *msg) 1680 1215 { 1681 - return call_int_hook(msg_msg_alloc_security, 0, msg); 1216 + int rc = lsm_msg_msg_alloc(msg); 1217 + 1218 + if (unlikely(rc)) 1219 + return rc; 1220 + rc = call_int_hook(msg_msg_alloc_security, 0, msg); 1221 + if (unlikely(rc)) 1222 + security_msg_msg_free(msg); 1223 + return rc; 1682 1224 } 1683 1225 1684 1226 void security_msg_msg_free(struct msg_msg *msg) 1685 1227 { 1686 1228 call_void_hook(msg_msg_free_security, msg); 1229 + kfree(msg->security); 1230 + msg->security = NULL; 1687 1231 } 1688 1232 1689 1233 int security_msg_queue_alloc(struct kern_ipc_perm *msq) 1690 1234 { 1691 - return call_int_hook(msg_queue_alloc_security, 0, msq); 1235 + int rc = lsm_ipc_alloc(msq); 1236 + 1237 + if (unlikely(rc)) 1238 + return rc; 1239 + rc = call_int_hook(msg_queue_alloc_security, 0, msq); 1240 + if (unlikely(rc)) 1241 + security_msg_queue_free(msq); 1242 + return rc; 1692 1243 } 1693 1244 1694 1245 void security_msg_queue_free(struct kern_ipc_perm *msq) 1695 1246 { 1696 1247 call_void_hook(msg_queue_free_security, msq); 1248 + kfree(msq->security); 1249 + msq->security = NULL; 1697 1250 } 1698 1251 1699 1252 int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) ··· 1738 1255 1739 1256 int security_shm_alloc(struct kern_ipc_perm *shp) 1740 1257 { 1741 - return call_int_hook(shm_alloc_security, 0, shp); 1258 + int rc = lsm_ipc_alloc(shp); 1259 + 1260 + if (unlikely(rc)) 1261 + return rc; 1262 + rc = call_int_hook(shm_alloc_security, 0, shp); 1263 + if (unlikely(rc)) 1264 + security_shm_free(shp); 1265 + return rc; 1742 1266 } 1743 1267 1744 1268 void security_shm_free(struct kern_ipc_perm *shp) 1745 1269 { 1746 1270 call_void_hook(shm_free_security, shp); 1271 + kfree(shp->security); 1272 + shp->security = NULL; 1747 1273 } 1748 1274 1749 1275 int security_shm_associate(struct kern_ipc_perm *shp, int shmflg) ··· 1772 1280 1773 1281 int security_sem_alloc(struct kern_ipc_perm *sma) 1774 1282 { 1775 - return call_int_hook(sem_alloc_security, 0, sma); 1283 + int rc = lsm_ipc_alloc(sma); 1284 + 1285 + if (unlikely(rc)) 1286 + return rc; 1287 + rc = call_int_hook(sem_alloc_security, 0, sma); 1288 + if (unlikely(rc)) 1289 + security_sem_free(sma); 1290 + return rc; 1776 1291 } 1777 1292 1778 1293 void security_sem_free(struct kern_ipc_perm *sma) 1779 1294 { 1780 1295 call_void_hook(sem_free_security, sma); 1296 + kfree(sma->security); 1297 + sma->security = NULL; 1781 1298 } 1782 1299 1783 1300 int security_sem_associate(struct kern_ipc_perm *sma, int semflg) ··· 1813 1312 } 1814 1313 EXPORT_SYMBOL(security_d_instantiate); 1815 1314 1816 - int security_getprocattr(struct task_struct *p, char *name, char **value) 1315 + int security_getprocattr(struct task_struct *p, const char *lsm, char *name, 1316 + char **value) 1817 1317 { 1818 - return call_int_hook(getprocattr, -EINVAL, p, name, value); 1318 + struct security_hook_list *hp; 1319 + 1320 + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { 1321 + if (lsm != NULL && strcmp(lsm, hp->lsm)) 1322 + continue; 1323 + return hp->hook.getprocattr(p, name, value); 1324 + } 1325 + return -EINVAL; 1819 1326 } 1820 1327 1821 - int security_setprocattr(const char *name, void *value, size_t size) 1328 + int security_setprocattr(const char *lsm, const char *name, void *value, 1329 + size_t size) 1822 1330 { 1823 - return call_int_hook(setprocattr, -EINVAL, name, value, size); 1331 + struct security_hook_list *hp; 1332 + 1333 + hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { 1334 + if (lsm != NULL && strcmp(lsm, hp->lsm)) 1335 + continue; 1336 + return hp->hook.setprocattr(name, value, size); 1337 + } 1338 + return -EINVAL; 1824 1339 } 1825 1340 1826 1341 int security_netlink_send(struct sock *sk, struct sk_buff *skb)

-15

security/selinux/Kconfig

··· 22 22 23 23 If you are unsure how to answer this question, answer N. 24 24 25 - config SECURITY_SELINUX_BOOTPARAM_VALUE 26 - int "NSA SELinux boot parameter default value" 27 - depends on SECURITY_SELINUX_BOOTPARAM 28 - range 0 1 29 - default 1 30 - help 31 - This option sets the default value for the kernel parameter 32 - 'selinux', which allows SELinux to be disabled at boot. If this 33 - option is set to 0 (zero), the SELinux kernel parameter will 34 - default to 0, disabling SELinux at bootup. If this option is 35 - set to 1 (one), the SELinux kernel parameter will default to 1, 36 - enabling SELinux at bootup. 37 - 38 - If you are unsure how to answer this question, answer 1. 39 - 40 25 config SECURITY_SELINUX_DISABLE 41 26 bool "NSA SELinux runtime disable" 42 27 depends on SECURITY_SELINUX

+1 -1

security/selinux/Makefile

··· 6 6 obj-$(CONFIG_SECURITY_SELINUX) := selinux.o 7 7 8 8 selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \ 9 - netnode.o netport.o ibpkey.o exports.o \ 9 + netnode.o netport.o ibpkey.o \ 10 10 ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \ 11 11 ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o 12 12

-23

security/selinux/exports.c

··· 1 - /* 2 - * SELinux services exported to the rest of the kernel. 3 - * 4 - * Author: James Morris <jmorris@redhat.com> 5 - * 6 - * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com> 7 - * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 8 - * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com> 9 - * 10 - * This program is free software; you can redistribute it and/or modify 11 - * it under the terms of the GNU General Public License version 2, 12 - * as published by the Free Software Foundation. 13 - */ 14 - #include <linux/module.h> 15 - #include <linux/selinux.h> 16 - 17 - #include "security.h" 18 - 19 - bool selinux_is_enabled(void) 20 - { 21 - return selinux_enabled; 22 - } 23 - EXPORT_SYMBOL_GPL(selinux_is_enabled);

+89 -256

security/selinux/hooks.c

··· 79 79 #include <linux/personality.h> 80 80 #include <linux/audit.h> 81 81 #include <linux/string.h> 82 - #include <linux/selinux.h> 83 82 #include <linux/mutex.h> 84 83 #include <linux/posix-timers.h> 85 84 #include <linux/syslog.h> ··· 120 121 #define selinux_enforcing_boot 1 121 122 #endif 122 123 124 + int selinux_enabled __lsm_ro_after_init = 1; 123 125 #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM 124 - int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; 125 - 126 126 static int __init selinux_enabled_setup(char *str) 127 127 { 128 128 unsigned long enabled; ··· 130 132 return 1; 131 133 } 132 134 __setup("selinux=", selinux_enabled_setup); 133 - #else 134 - int selinux_enabled = 1; 135 135 #endif 136 136 137 137 static unsigned int selinux_checkreqprot_boot = ··· 144 148 return 1; 145 149 } 146 150 __setup("checkreqprot=", checkreqprot_setup); 147 - 148 - static struct kmem_cache *sel_inode_cache; 149 - static struct kmem_cache *file_security_cache; 150 151 151 152 /** 152 153 * selinux_secmark_enabled - Check to see if SECMARK is currently enabled ··· 207 214 struct cred *cred = (struct cred *) current->real_cred; 208 215 struct task_security_struct *tsec; 209 216 210 - tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); 211 - if (!tsec) 212 - panic("SELinux: Failed to initialize initial task.\n"); 213 - 217 + lsm_early_cred(cred); 218 + tsec = selinux_cred(cred); 214 219 tsec->osid = tsec->sid = SECINITSID_KERNEL; 215 - cred->security = tsec; 216 220 } 217 221 218 222 /* ··· 219 229 { 220 230 const struct task_security_struct *tsec; 221 231 222 - tsec = cred->security; 232 + tsec = selinux_cred(cred); 223 233 return tsec->sid; 224 234 } 225 235 ··· 240 250 241 251 static int inode_alloc_security(struct inode *inode) 242 252 { 243 - struct inode_security_struct *isec; 253 + struct inode_security_struct *isec = selinux_inode(inode); 244 254 u32 sid = current_sid(); 245 - 246 - isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); 247 - if (!isec) 248 - return -ENOMEM; 249 255 250 256 spin_lock_init(&isec->lock); 251 257 INIT_LIST_HEAD(&isec->list); ··· 250 264 isec->sclass = SECCLASS_FILE; 251 265 isec->task_sid = sid; 252 266 isec->initialized = LABEL_INVALID; 253 - inode->i_security = isec; 254 267 255 268 return 0; 256 269 } ··· 266 281 struct dentry *dentry, 267 282 bool may_sleep) 268 283 { 269 - struct inode_security_struct *isec = inode->i_security; 284 + struct inode_security_struct *isec = selinux_inode(inode); 270 285 271 286 might_sleep_if(may_sleep); 272 287 ··· 287 302 288 303 static struct inode_security_struct *inode_security_novalidate(struct inode *inode) 289 304 { 290 - return inode->i_security; 305 + return selinux_inode(inode); 291 306 } 292 307 293 308 static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu) ··· 297 312 error = __inode_security_revalidate(inode, NULL, !rcu); 298 313 if (error) 299 314 return ERR_PTR(error); 300 - return inode->i_security; 315 + return selinux_inode(inode); 301 316 } 302 317 303 318 /* ··· 306 321 static struct inode_security_struct *inode_security(struct inode *inode) 307 322 { 308 323 __inode_security_revalidate(inode, NULL, true); 309 - return inode->i_security; 324 + return selinux_inode(inode); 310 325 } 311 326 312 327 static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry) 313 328 { 314 329 struct inode *inode = d_backing_inode(dentry); 315 330 316 - return inode->i_security; 331 + return selinux_inode(inode); 317 332 } 318 333 319 334 /* ··· 324 339 struct inode *inode = d_backing_inode(dentry); 325 340 326 341 __inode_security_revalidate(inode, dentry, true); 327 - return inode->i_security; 328 - } 329 - 330 - static void inode_free_rcu(struct rcu_head *head) 331 - { 332 - struct inode_security_struct *isec; 333 - 334 - isec = container_of(head, struct inode_security_struct, rcu); 335 - kmem_cache_free(sel_inode_cache, isec); 342 + return selinux_inode(inode); 336 343 } 337 344 338 345 static void inode_free_security(struct inode *inode) 339 346 { 340 - struct inode_security_struct *isec = inode->i_security; 341 - struct superblock_security_struct *sbsec = inode->i_sb->s_security; 347 + struct inode_security_struct *isec = selinux_inode(inode); 348 + struct superblock_security_struct *sbsec; 342 349 350 + if (!isec) 351 + return; 352 + sbsec = inode->i_sb->s_security; 343 353 /* 344 354 * As not all inode security structures are in a list, we check for 345 355 * empty list outside of the lock to make sure that we won't waste ··· 350 370 list_del_init(&isec->list); 351 371 spin_unlock(&sbsec->isec_lock); 352 372 } 353 - 354 - /* 355 - * The inode may still be referenced in a path walk and 356 - * a call to selinux_inode_permission() can be made 357 - * after inode_free_security() is called. Ideally, the VFS 358 - * wouldn't do this, but fixing that is a much harder 359 - * job. For now, simply free the i_security via RCU, and 360 - * leave the current inode->i_security pointer intact. 361 - * The inode will be freed after the RCU grace period too. 362 - */ 363 - call_rcu(&isec->rcu, inode_free_rcu); 364 373 } 365 374 366 375 static int file_alloc_security(struct file *file) 367 376 { 368 - struct file_security_struct *fsec; 377 + struct file_security_struct *fsec = selinux_file(file); 369 378 u32 sid = current_sid(); 370 - 371 - fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL); 372 - if (!fsec) 373 - return -ENOMEM; 374 379 375 380 fsec->sid = sid; 376 381 fsec->fown_sid = sid; 377 - file->f_security = fsec; 378 382 379 383 return 0; 380 - } 381 - 382 - static void file_free_security(struct file *file) 383 - { 384 - struct file_security_struct *fsec = file->f_security; 385 - file->f_security = NULL; 386 - kmem_cache_free(file_security_cache, fsec); 387 384 } 388 385 389 386 static int superblock_alloc_security(struct super_block *sb) ··· 458 501 struct superblock_security_struct *sbsec, 459 502 const struct cred *cred) 460 503 { 461 - const struct task_security_struct *tsec = cred->security; 504 + const struct task_security_struct *tsec = selinux_cred(cred); 462 505 int rc; 463 506 464 507 rc = avc_has_perm(&selinux_state, ··· 477 520 struct superblock_security_struct *sbsec, 478 521 const struct cred *cred) 479 522 { 480 - const struct task_security_struct *tsec = cred->security; 523 + const struct task_security_struct *tsec = selinux_cred(cred); 481 524 int rc; 482 525 rc = avc_has_perm(&selinux_state, 483 526 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, ··· 1331 1374 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry) 1332 1375 { 1333 1376 struct superblock_security_struct *sbsec = NULL; 1334 - struct inode_security_struct *isec = inode->i_security; 1377 + struct inode_security_struct *isec = selinux_inode(inode); 1335 1378 u32 task_sid, sid = 0; 1336 1379 u16 sclass; 1337 1380 struct dentry *dentry; ··· 1631 1674 return 0; 1632 1675 1633 1676 sid = cred_sid(cred); 1634 - isec = inode->i_security; 1677 + isec = selinux_inode(inode); 1635 1678 1636 1679 return avc_has_perm(&selinux_state, 1637 1680 sid, isec->sid, isec->sclass, perms, adp); ··· 1697 1740 struct file *file, 1698 1741 u32 av) 1699 1742 { 1700 - struct file_security_struct *fsec = file->f_security; 1743 + struct file_security_struct *fsec = selinux_file(file); 1701 1744 struct inode *inode = file_inode(file); 1702 1745 struct common_audit_data ad; 1703 1746 u32 sid = cred_sid(cred); ··· 1763 1806 struct dentry *dentry, 1764 1807 u16 tclass) 1765 1808 { 1766 - const struct task_security_struct *tsec = current_security(); 1809 + const struct task_security_struct *tsec = selinux_cred(current_cred()); 1767 1810 struct inode_security_struct *dsec; 1768 1811 struct superblock_security_struct *sbsec; 1769 1812 u32 sid, newsid; ··· 1785 1828 if (rc) 1786 1829 return rc; 1787 1830 1788 - rc = selinux_determine_inode_label(current_security(), dir, 1831 + rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir, 1789 1832 &dentry->d_name, tclass, &newsid); 1790 1833 if (rc) 1791 1834 return rc; ··· 2041 2084 struct file *file) 2042 2085 { 2043 2086 u32 sid = task_sid(to); 2044 - struct file_security_struct *fsec = file->f_security; 2087 + struct file_security_struct *fsec = selinux_file(file); 2045 2088 struct dentry *dentry = file->f_path.dentry; 2046 2089 struct inode_security_struct *isec; 2047 2090 struct common_audit_data ad; ··· 2292 2335 if (bprm->called_set_creds) 2293 2336 return 0; 2294 2337 2295 - old_tsec = current_security(); 2296 - new_tsec = bprm->cred->security; 2338 + old_tsec = selinux_cred(current_cred()); 2339 + new_tsec = selinux_cred(bprm->cred); 2297 2340 isec = inode_security(inode); 2298 2341 2299 2342 /* Default to the current task SID. */ ··· 2457 2500 struct rlimit *rlim, *initrlim; 2458 2501 int rc, i; 2459 2502 2460 - new_tsec = bprm->cred->security; 2503 + new_tsec = selinux_cred(bprm->cred); 2461 2504 if (new_tsec->sid == new_tsec->osid) 2462 2505 return; 2463 2506 ··· 2500 2543 */ 2501 2544 static void selinux_bprm_committed_creds(struct linux_binprm *bprm) 2502 2545 { 2503 - const struct task_security_struct *tsec = current_security(); 2546 + const struct task_security_struct *tsec = selinux_cred(current_cred()); 2504 2547 struct itimerval itimer; 2505 2548 u32 osid, sid; 2506 2549 int rc, i; ··· 2737 2780 u32 newsid; 2738 2781 int rc; 2739 2782 2740 - rc = selinux_determine_inode_label(current_security(), 2783 + rc = selinux_determine_inode_label(selinux_cred(current_cred()), 2741 2784 d_inode(dentry->d_parent), name, 2742 2785 inode_mode_to_security_class(mode), 2743 2786 &newsid); ··· 2757 2800 int rc; 2758 2801 struct task_security_struct *tsec; 2759 2802 2760 - rc = selinux_determine_inode_label(old->security, 2803 + rc = selinux_determine_inode_label(selinux_cred(old), 2761 2804 d_inode(dentry->d_parent), name, 2762 2805 inode_mode_to_security_class(mode), 2763 2806 &newsid); 2764 2807 if (rc) 2765 2808 return rc; 2766 2809 2767 - tsec = new->security; 2810 + tsec = selinux_cred(new); 2768 2811 tsec->create_sid = newsid; 2769 2812 return 0; 2770 2813 } ··· 2774 2817 const char **name, 2775 2818 void **value, size_t *len) 2776 2819 { 2777 - const struct task_security_struct *tsec = current_security(); 2820 + const struct task_security_struct *tsec = selinux_cred(current_cred()); 2778 2821 struct superblock_security_struct *sbsec; 2779 2822 u32 newsid, clen; 2780 2823 int rc; ··· 2784 2827 2785 2828 newsid = tsec->create_sid; 2786 2829 2787 - rc = selinux_determine_inode_label(current_security(), 2830 + rc = selinux_determine_inode_label(selinux_cred(current_cred()), 2788 2831 dir, qstr, 2789 2832 inode_mode_to_security_class(inode->i_mode), 2790 2833 &newsid); ··· 2793 2836 2794 2837 /* Possibly defer initialization to selinux_complete_init. */ 2795 2838 if (sbsec->flags & SE_SBINITIALIZED) { 2796 - struct inode_security_struct *isec = inode->i_security; 2839 + struct inode_security_struct *isec = selinux_inode(inode); 2797 2840 isec->sclass = inode_mode_to_security_class(inode->i_mode); 2798 2841 isec->sid = newsid; 2799 2842 isec->initialized = LABEL_INITIALIZED; ··· 2893 2936 unsigned flags) 2894 2937 { 2895 2938 struct common_audit_data ad; 2896 - struct inode_security_struct *isec = inode->i_security; 2939 + struct inode_security_struct *isec = selinux_inode(inode); 2897 2940 int rc; 2898 2941 2899 2942 ad.type = LSM_AUDIT_DATA_INODE; ··· 3246 3289 return -ENOMEM; 3247 3290 } 3248 3291 3249 - tsec = new_creds->security; 3292 + tsec = selinux_cred(new_creds); 3250 3293 /* Get label from overlay inode and set it in create_sid */ 3251 3294 selinux_inode_getsecid(d_inode(src), &sid); 3252 3295 tsec->create_sid = sid; ··· 3287 3330 static int selinux_file_permission(struct file *file, int mask) 3288 3331 { 3289 3332 struct inode *inode = file_inode(file); 3290 - struct file_security_struct *fsec = file->f_security; 3333 + struct file_security_struct *fsec = selinux_file(file); 3291 3334 struct inode_security_struct *isec; 3292 3335 u32 sid = current_sid(); 3293 3336 ··· 3309 3352 return file_alloc_security(file); 3310 3353 } 3311 3354 3312 - static void selinux_file_free_security(struct file *file) 3313 - { 3314 - file_free_security(file); 3315 - } 3316 - 3317 3355 /* 3318 3356 * Check whether a task has the ioctl permission and cmd 3319 3357 * operation to an inode. ··· 3317 3365 u32 requested, u16 cmd) 3318 3366 { 3319 3367 struct common_audit_data ad; 3320 - struct file_security_struct *fsec = file->f_security; 3368 + struct file_security_struct *fsec = selinux_file(file); 3321 3369 struct inode *inode = file_inode(file); 3322 3370 struct inode_security_struct *isec; 3323 3371 struct lsm_ioctlop_audit ioctl; ··· 3569 3617 { 3570 3618 struct file_security_struct *fsec; 3571 3619 3572 - fsec = file->f_security; 3620 + fsec = selinux_file(file); 3573 3621 fsec->fown_sid = current_sid(); 3574 3622 } 3575 3623 ··· 3584 3632 /* struct fown_struct is never outside the context of a struct file */ 3585 3633 file = container_of(fown, struct file, f_owner); 3586 3634 3587 - fsec = file->f_security; 3635 + fsec = selinux_file(file); 3588 3636 3589 3637 if (!signum) 3590 3638 perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */ ··· 3608 3656 struct file_security_struct *fsec; 3609 3657 struct inode_security_struct *isec; 3610 3658 3611 - fsec = file->f_security; 3659 + fsec = selinux_file(file); 3612 3660 isec = inode_security(file_inode(file)); 3613 3661 /* 3614 3662 * Save inode label and policy sequence number ··· 3642 3690 } 3643 3691 3644 3692 /* 3645 - * allocate the SELinux part of blank credentials 3646 - */ 3647 - static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) 3648 - { 3649 - struct task_security_struct *tsec; 3650 - 3651 - tsec = kzalloc(sizeof(struct task_security_struct), gfp); 3652 - if (!tsec) 3653 - return -ENOMEM; 3654 - 3655 - cred->security = tsec; 3656 - return 0; 3657 - } 3658 - 3659 - /* 3660 - * detach and free the LSM part of a set of credentials 3661 - */ 3662 - static void selinux_cred_free(struct cred *cred) 3663 - { 3664 - struct task_security_struct *tsec = cred->security; 3665 - 3666 - /* 3667 - * cred->security == NULL if security_cred_alloc_blank() or 3668 - * security_prepare_creds() returned an error. 3669 - */ 3670 - BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE); 3671 - cred->security = (void *) 0x7UL; 3672 - kfree(tsec); 3673 - } 3674 - 3675 - /* 3676 3693 * prepare a new set of credentials for modification 3677 3694 */ 3678 3695 static int selinux_cred_prepare(struct cred *new, const struct cred *old, 3679 3696 gfp_t gfp) 3680 3697 { 3681 - const struct task_security_struct *old_tsec; 3682 - struct task_security_struct *tsec; 3698 + const struct task_security_struct *old_tsec = selinux_cred(old); 3699 + struct task_security_struct *tsec = selinux_cred(new); 3683 3700 3684 - old_tsec = old->security; 3685 - 3686 - tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); 3687 - if (!tsec) 3688 - return -ENOMEM; 3689 - 3690 - new->security = tsec; 3701 + *tsec = *old_tsec; 3691 3702 return 0; 3692 3703 } 3693 3704 ··· 3659 3744 */ 3660 3745 static void selinux_cred_transfer(struct cred *new, const struct cred *old) 3661 3746 { 3662 - const struct task_security_struct *old_tsec = old->security; 3663 - struct task_security_struct *tsec = new->security; 3747 + const struct task_security_struct *old_tsec = selinux_cred(old); 3748 + struct task_security_struct *tsec = selinux_cred(new); 3664 3749 3665 3750 *tsec = *old_tsec; 3666 3751 } ··· 3676 3761 */ 3677 3762 static int selinux_kernel_act_as(struct cred *new, u32 secid) 3678 3763 { 3679 - struct task_security_struct *tsec = new->security; 3764 + struct task_security_struct *tsec = selinux_cred(new); 3680 3765 u32 sid = current_sid(); 3681 3766 int ret; 3682 3767 ··· 3701 3786 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) 3702 3787 { 3703 3788 struct inode_security_struct *isec = inode_security(inode); 3704 - struct task_security_struct *tsec = new->security; 3789 + struct task_security_struct *tsec = selinux_cred(new); 3705 3790 u32 sid = current_sid(); 3706 3791 int ret; 3707 3792 ··· 3747 3832 ad.type = LSM_AUDIT_DATA_FILE; 3748 3833 ad.u.file = file; 3749 3834 3750 - fsec = file->f_security; 3835 + fsec = selinux_file(file); 3751 3836 if (sid != fsec->sid) { 3752 3837 rc = avc_has_perm(&selinux_state, 3753 3838 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad); ··· 3913 3998 static void selinux_task_to_inode(struct task_struct *p, 3914 3999 struct inode *inode) 3915 4000 { 3916 - struct inode_security_struct *isec = inode->i_security; 4001 + struct inode_security_struct *isec = selinux_inode(inode); 3917 4002 u32 sid = task_sid(p); 3918 4003 3919 4004 spin_lock(&isec->lock); ··· 4250 4335 static int selinux_socket_create(int family, int type, 4251 4336 int protocol, int kern) 4252 4337 { 4253 - const struct task_security_struct *tsec = current_security(); 4338 + const struct task_security_struct *tsec = selinux_cred(current_cred()); 4254 4339 u32 newsid; 4255 4340 u16 secclass; 4256 4341 int rc; ··· 4270 4355 static int selinux_socket_post_create(struct socket *sock, int family, 4271 4356 int type, int protocol, int kern) 4272 4357 { 4273 - const struct task_security_struct *tsec = current_security(); 4358 + const struct task_security_struct *tsec = selinux_cred(current_cred()); 4274 4359 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); 4275 4360 struct sk_security_struct *sksec; 4276 4361 u16 sclass = socket_type_to_security_class(family, type, protocol); ··· 5151 5236 const struct task_security_struct *__tsec; 5152 5237 u32 tsid; 5153 5238 5154 - __tsec = current_security(); 5239 + __tsec = selinux_cred(current_cred()); 5155 5240 tsid = __tsec->sid; 5156 5241 5157 5242 return avc_has_perm(&selinux_state, ··· 5626 5711 return selinux_nlmsg_perm(sk, skb); 5627 5712 } 5628 5713 5629 - static int ipc_alloc_security(struct kern_ipc_perm *perm, 5630 - u16 sclass) 5714 + static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass) 5631 5715 { 5632 - struct ipc_security_struct *isec; 5633 - 5634 - isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); 5635 - if (!isec) 5636 - return -ENOMEM; 5637 - 5638 5716 isec->sclass = sclass; 5639 5717 isec->sid = current_sid(); 5640 - perm->security = isec; 5641 - 5642 - return 0; 5643 - } 5644 - 5645 - static void ipc_free_security(struct kern_ipc_perm *perm) 5646 - { 5647 - struct ipc_security_struct *isec = perm->security; 5648 - perm->security = NULL; 5649 - kfree(isec); 5650 5718 } 5651 5719 5652 5720 static int msg_msg_alloc_security(struct msg_msg *msg) 5653 5721 { 5654 5722 struct msg_security_struct *msec; 5655 5723 5656 - msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL); 5657 - if (!msec) 5658 - return -ENOMEM; 5659 - 5724 + msec = selinux_msg_msg(msg); 5660 5725 msec->sid = SECINITSID_UNLABELED; 5661 - msg->security = msec; 5662 5726 5663 5727 return 0; 5664 - } 5665 - 5666 - static void msg_msg_free_security(struct msg_msg *msg) 5667 - { 5668 - struct msg_security_struct *msec = msg->security; 5669 - 5670 - msg->security = NULL; 5671 - kfree(msec); 5672 5728 } 5673 5729 5674 5730 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, ··· 5649 5763 struct common_audit_data ad; 5650 5764 u32 sid = current_sid(); 5651 5765 5652 - isec = ipc_perms->security; 5766 + isec = selinux_ipc(ipc_perms); 5653 5767 5654 5768 ad.type = LSM_AUDIT_DATA_IPC; 5655 5769 ad.u.ipc_id = ipc_perms->key; ··· 5663 5777 return msg_msg_alloc_security(msg); 5664 5778 } 5665 5779 5666 - static void selinux_msg_msg_free_security(struct msg_msg *msg) 5667 - { 5668 - msg_msg_free_security(msg); 5669 - } 5670 - 5671 5780 /* message queue security operations */ 5672 5781 static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq) 5673 5782 { ··· 5671 5790 u32 sid = current_sid(); 5672 5791 int rc; 5673 5792 5674 - rc = ipc_alloc_security(msq, SECCLASS_MSGQ); 5675 - if (rc) 5676 - return rc; 5677 - 5678 - isec = msq->security; 5793 + isec = selinux_ipc(msq); 5794 + ipc_init_security(isec, SECCLASS_MSGQ); 5679 5795 5680 5796 ad.type = LSM_AUDIT_DATA_IPC; 5681 5797 ad.u.ipc_id = msq->key; ··· 5680 5802 rc = avc_has_perm(&selinux_state, 5681 5803 sid, isec->sid, SECCLASS_MSGQ, 5682 5804 MSGQ__CREATE, &ad); 5683 - if (rc) { 5684 - ipc_free_security(msq); 5685 - return rc; 5686 - } 5687 - return 0; 5688 - } 5689 - 5690 - static void selinux_msg_queue_free_security(struct kern_ipc_perm *msq) 5691 - { 5692 - ipc_free_security(msq); 5805 + return rc; 5693 5806 } 5694 5807 5695 5808 static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) ··· 5689 5820 struct common_audit_data ad; 5690 5821 u32 sid = current_sid(); 5691 5822 5692 - isec = msq->security; 5823 + isec = selinux_ipc(msq); 5693 5824 5694 5825 ad.type = LSM_AUDIT_DATA_IPC; 5695 5826 ad.u.ipc_id = msq->key; ··· 5738 5869 u32 sid = current_sid(); 5739 5870 int rc; 5740 5871 5741 - isec = msq->security; 5742 - msec = msg->security; 5872 + isec = selinux_ipc(msq); 5873 + msec = selinux_msg_msg(msg); 5743 5874 5744 5875 /* 5745 5876 * First time through, need to assign label to the message ··· 5786 5917 u32 sid = task_sid(target); 5787 5918 int rc; 5788 5919 5789 - isec = msq->security; 5790 - msec = msg->security; 5920 + isec = selinux_ipc(msq); 5921 + msec = selinux_msg_msg(msg); 5791 5922 5792 5923 ad.type = LSM_AUDIT_DATA_IPC; 5793 5924 ad.u.ipc_id = msq->key; ··· 5810 5941 u32 sid = current_sid(); 5811 5942 int rc; 5812 5943 5813 - rc = ipc_alloc_security(shp, SECCLASS_SHM); 5814 - if (rc) 5815 - return rc; 5816 - 5817 - isec = shp->security; 5944 + isec = selinux_ipc(shp); 5945 + ipc_init_security(isec, SECCLASS_SHM); 5818 5946 5819 5947 ad.type = LSM_AUDIT_DATA_IPC; 5820 5948 ad.u.ipc_id = shp->key; ··· 5819 5953 rc = avc_has_perm(&selinux_state, 5820 5954 sid, isec->sid, SECCLASS_SHM, 5821 5955 SHM__CREATE, &ad); 5822 - if (rc) { 5823 - ipc_free_security(shp); 5824 - return rc; 5825 - } 5826 - return 0; 5827 - } 5828 - 5829 - static void selinux_shm_free_security(struct kern_ipc_perm *shp) 5830 - { 5831 - ipc_free_security(shp); 5956 + return rc; 5832 5957 } 5833 5958 5834 5959 static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg) ··· 5828 5971 struct common_audit_data ad; 5829 5972 u32 sid = current_sid(); 5830 5973 5831 - isec = shp->security; 5974 + isec = selinux_ipc(shp); 5832 5975 5833 5976 ad.type = LSM_AUDIT_DATA_IPC; 5834 5977 ad.u.ipc_id = shp->key; ··· 5895 6038 u32 sid = current_sid(); 5896 6039 int rc; 5897 6040 5898 - rc = ipc_alloc_security(sma, SECCLASS_SEM); 5899 - if (rc) 5900 - return rc; 5901 - 5902 - isec = sma->security; 6041 + isec = selinux_ipc(sma); 6042 + ipc_init_security(isec, SECCLASS_SEM); 5903 6043 5904 6044 ad.type = LSM_AUDIT_DATA_IPC; 5905 6045 ad.u.ipc_id = sma->key; ··· 5904 6050 rc = avc_has_perm(&selinux_state, 5905 6051 sid, isec->sid, SECCLASS_SEM, 5906 6052 SEM__CREATE, &ad); 5907 - if (rc) { 5908 - ipc_free_security(sma); 5909 - return rc; 5910 - } 5911 - return 0; 5912 - } 5913 - 5914 - static void selinux_sem_free_security(struct kern_ipc_perm *sma) 5915 - { 5916 - ipc_free_security(sma); 6053 + return rc; 5917 6054 } 5918 6055 5919 6056 static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg) ··· 5913 6068 struct common_audit_data ad; 5914 6069 u32 sid = current_sid(); 5915 6070 5916 - isec = sma->security; 6071 + isec = selinux_ipc(sma); 5917 6072 5918 6073 ad.type = LSM_AUDIT_DATA_IPC; 5919 6074 ad.u.ipc_id = sma->key; ··· 5999 6154 6000 6155 static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) 6001 6156 { 6002 - struct ipc_security_struct *isec = ipcp->security; 6157 + struct ipc_security_struct *isec = selinux_ipc(ipcp); 6003 6158 *secid = isec->sid; 6004 6159 } 6005 6160 ··· 6018 6173 unsigned len; 6019 6174 6020 6175 rcu_read_lock(); 6021 - __tsec = __task_cred(p)->security; 6176 + __tsec = selinux_cred(__task_cred(p)); 6022 6177 6023 6178 if (current != p) { 6024 6179 error = avc_has_perm(&selinux_state, ··· 6141 6296 operation. See selinux_bprm_set_creds for the execve 6142 6297 checks and may_create for the file creation checks. The 6143 6298 operation will then fail if the context is not permitted. */ 6144 - tsec = new->security; 6299 + tsec = selinux_cred(new); 6145 6300 if (!strcmp(name, "exec")) { 6146 6301 tsec->exec_sid = sid; 6147 6302 } else if (!strcmp(name, "fscreate")) { ··· 6225 6380 6226 6381 static void selinux_inode_invalidate_secctx(struct inode *inode) 6227 6382 { 6228 - struct inode_security_struct *isec = inode->i_security; 6383 + struct inode_security_struct *isec = selinux_inode(inode); 6229 6384 6230 6385 spin_lock(&isec->lock); 6231 6386 isec->initialized = LABEL_INVALID; ··· 6270 6425 if (!ksec) 6271 6426 return -ENOMEM; 6272 6427 6273 - tsec = cred->security; 6428 + tsec = selinux_cred(cred); 6274 6429 if (tsec->keycreate_sid) 6275 6430 ksec->sid = tsec->keycreate_sid; 6276 6431 else ··· 6533 6688 } 6534 6689 #endif 6535 6690 6691 + struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { 6692 + .lbs_cred = sizeof(struct task_security_struct), 6693 + .lbs_file = sizeof(struct file_security_struct), 6694 + .lbs_inode = sizeof(struct inode_security_struct), 6695 + .lbs_ipc = sizeof(struct ipc_security_struct), 6696 + .lbs_msg_msg = sizeof(struct msg_security_struct), 6697 + }; 6698 + 6536 6699 static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { 6537 6700 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr), 6538 6701 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction), ··· 6610 6757 6611 6758 LSM_HOOK_INIT(file_permission, selinux_file_permission), 6612 6759 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), 6613 - LSM_HOOK_INIT(file_free_security, selinux_file_free_security), 6614 6760 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl), 6615 6761 LSM_HOOK_INIT(mmap_file, selinux_mmap_file), 6616 6762 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr), ··· 6623 6771 LSM_HOOK_INIT(file_open, selinux_file_open), 6624 6772 6625 6773 LSM_HOOK_INIT(task_alloc, selinux_task_alloc), 6626 - LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank), 6627 - LSM_HOOK_INIT(cred_free, selinux_cred_free), 6628 6774 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), 6629 6775 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), 6630 6776 LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid), ··· 6650 6800 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), 6651 6801 6652 6802 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security), 6653 - LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security), 6654 6803 6655 6804 LSM_HOOK_INIT(msg_queue_alloc_security, 6656 6805 selinux_msg_queue_alloc_security), 6657 - LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security), 6658 6806 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate), 6659 6807 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl), 6660 6808 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd), 6661 6809 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv), 6662 6810 6663 6811 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security), 6664 - LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security), 6665 6812 LSM_HOOK_INIT(shm_associate, selinux_shm_associate), 6666 6813 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl), 6667 6814 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat), 6668 6815 6669 6816 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security), 6670 - LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security), 6671 6817 LSM_HOOK_INIT(sem_associate, selinux_sem_associate), 6672 6818 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl), 6673 6819 LSM_HOOK_INIT(sem_semop, selinux_sem_semop), ··· 6774 6928 6775 6929 static __init int selinux_init(void) 6776 6930 { 6777 - if (!security_module_enable("selinux")) { 6778 - selinux_enabled = 0; 6779 - return 0; 6780 - } 6781 - 6782 - if (!selinux_enabled) { 6783 - pr_info("SELinux: Disabled at boot.\n"); 6784 - return 0; 6785 - } 6786 - 6787 6931 pr_info("SELinux: Initializing.\n"); 6788 6932 6789 6933 memset(&selinux_state, 0, sizeof(selinux_state)); ··· 6787 6951 6788 6952 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); 6789 6953 6790 - sel_inode_cache = kmem_cache_create("selinux_inode_security", 6791 - sizeof(struct inode_security_struct), 6792 - 0, SLAB_PANIC, NULL); 6793 - file_security_cache = kmem_cache_create("selinux_file_security", 6794 - sizeof(struct file_security_struct), 6795 - 0, SLAB_PANIC, NULL); 6796 6954 avc_init(); 6797 6955 6798 6956 avtab_cache_init(); ··· 6829 6999 all processes and objects when they are created. */ 6830 7000 DEFINE_LSM(selinux) = { 6831 7001 .name = "selinux", 7002 + .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 7003 + .enabled = &selinux_enabled, 7004 + .blobs = &selinux_blob_sizes, 6832 7005 .init = selinux_init, 6833 7006 }; 6834 7007

-3

security/selinux/include/audit.h

··· 1 1 /* 2 2 * SELinux support for the Audit LSM hooks 3 3 * 4 - * Most of below header was moved from include/linux/selinux.h which 5 - * is released under below copyrights: 6 - * 7 4 * Author: James Morris <jmorris@redhat.com> 8 5 * 9 6 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>

+34 -4

security/selinux/include/objsec.h

··· 25 25 #include <linux/binfmts.h> 26 26 #include <linux/in.h> 27 27 #include <linux/spinlock.h> 28 + #include <linux/lsm_hooks.h> 29 + #include <linux/msg.h> 28 30 #include <net/net_namespace.h> 29 31 #include "flask.h" 30 32 #include "avc.h" ··· 58 56 59 57 struct inode_security_struct { 60 58 struct inode *inode; /* back pointer to inode object */ 61 - union { 62 - struct list_head list; /* list of inode_security_struct */ 63 - struct rcu_head rcu; /* for freeing the inode_security_struct */ 64 - }; 59 + struct list_head list; /* list of inode_security_struct */ 65 60 u32 task_sid; /* SID of creating task */ 66 61 u32 sid; /* SID of this object */ 67 62 u16 sclass; /* security class of this object */ ··· 156 157 struct bpf_security_struct { 157 158 u32 sid; /*SID of bpf obj creater*/ 158 159 }; 160 + 161 + extern struct lsm_blob_sizes selinux_blob_sizes; 162 + static inline struct task_security_struct *selinux_cred(const struct cred *cred) 163 + { 164 + return cred->security + selinux_blob_sizes.lbs_cred; 165 + } 166 + 167 + static inline struct file_security_struct *selinux_file(const struct file *file) 168 + { 169 + return file->f_security + selinux_blob_sizes.lbs_file; 170 + } 171 + 172 + static inline struct inode_security_struct *selinux_inode( 173 + const struct inode *inode) 174 + { 175 + if (unlikely(!inode->i_security)) 176 + return NULL; 177 + return inode->i_security + selinux_blob_sizes.lbs_inode; 178 + } 179 + 180 + static inline struct msg_security_struct *selinux_msg_msg( 181 + const struct msg_msg *msg_msg) 182 + { 183 + return msg_msg->security + selinux_blob_sizes.lbs_msg_msg; 184 + } 185 + 186 + static inline struct ipc_security_struct *selinux_ipc( 187 + const struct kern_ipc_perm *ipc) 188 + { 189 + return ipc->security + selinux_blob_sizes.lbs_ipc; 190 + } 159 191 160 192 #endif /* _SELINUX_OBJSEC_H_ */

+2 -2

security/selinux/selinuxfs.c

··· 1378 1378 goto out; 1379 1379 } 1380 1380 1381 - isec = (struct inode_security_struct *)inode->i_security; 1381 + isec = selinux_inode(inode); 1382 1382 ret = security_genfs_sid(fsi->state, "selinuxfs", page, 1383 1383 SECCLASS_FILE, &sid); 1384 1384 if (ret) { ··· 1953 1953 } 1954 1954 1955 1955 inode->i_ino = ++fsi->last_ino; 1956 - isec = (struct inode_security_struct *)inode->i_security; 1956 + isec = selinux_inode(inode); 1957 1957 isec->sid = SECINITSID_DEVNULL; 1958 1958 isec->sclass = SECCLASS_CHR_FILE; 1959 1959 isec->initialized = LABEL_INITIALIZED;

-1

security/selinux/ss/services.c

··· 49 49 #include <linux/sched.h> 50 50 #include <linux/audit.h> 51 51 #include <linux/mutex.h> 52 - #include <linux/selinux.h> 53 52 #include <linux/flex_array.h> 54 53 #include <linux/vmalloc.h> 55 54 #include <net/netlabel.h>

+2 -2

security/selinux/xfrm.c

··· 79 79 gfp_t gfp) 80 80 { 81 81 int rc; 82 - const struct task_security_struct *tsec = current_security(); 82 + const struct task_security_struct *tsec = selinux_cred(current_cred()); 83 83 struct xfrm_sec_ctx *ctx = NULL; 84 84 u32 str_len; 85 85 ··· 138 138 */ 139 139 static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) 140 140 { 141 - const struct task_security_struct *tsec = current_security(); 141 + const struct task_security_struct *tsec = selinux_cred(current_cred()); 142 142 143 143 if (!ctx) 144 144 return 0;

+39 -5

security/smack/smack.h

··· 24 24 #include <linux/list.h> 25 25 #include <linux/rculist.h> 26 26 #include <linux/lsm_audit.h> 27 + #include <linux/msg.h> 27 28 28 29 /* 29 30 * Use IPv6 port labeling if IPv6 is enabled and secmarks ··· 337 336 extern struct smack_known *smack_unconfined; 338 337 #endif 339 338 extern int smack_ptrace_rule; 339 + extern struct lsm_blob_sizes smack_blob_sizes; 340 340 341 341 extern struct smack_known smack_known_floor; 342 342 extern struct smack_known smack_known_hat; ··· 358 356 #define SMACK_HASH_SLOTS 16 359 357 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; 360 358 359 + static inline struct task_smack *smack_cred(const struct cred *cred) 360 + { 361 + return cred->security + smack_blob_sizes.lbs_cred; 362 + } 363 + 364 + static inline struct smack_known **smack_file(const struct file *file) 365 + { 366 + return (struct smack_known **)(file->f_security + 367 + smack_blob_sizes.lbs_file); 368 + } 369 + 370 + static inline struct inode_smack *smack_inode(const struct inode *inode) 371 + { 372 + return inode->i_security + smack_blob_sizes.lbs_inode; 373 + } 374 + 375 + static inline struct smack_known **smack_msg_msg(const struct msg_msg *msg) 376 + { 377 + return msg->security + smack_blob_sizes.lbs_msg_msg; 378 + } 379 + 380 + static inline struct smack_known **smack_ipc(const struct kern_ipc_perm *ipc) 381 + { 382 + return ipc->security + smack_blob_sizes.lbs_ipc; 383 + } 384 + 361 385 /* 362 386 * Is the directory transmuting? 363 387 */ 364 388 static inline int smk_inode_transmutable(const struct inode *isp) 365 389 { 366 - struct inode_smack *sip = isp->i_security; 390 + struct inode_smack *sip = smack_inode(isp); 367 391 return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0; 368 392 } 369 393 ··· 398 370 */ 399 371 static inline struct smack_known *smk_of_inode(const struct inode *isp) 400 372 { 401 - struct inode_smack *sip = isp->i_security; 373 + struct inode_smack *sip = smack_inode(isp); 402 374 return sip->smk_inode; 403 375 } 404 376 ··· 410 382 return tsp->smk_task; 411 383 } 412 384 413 - static inline struct smack_known *smk_of_task_struct(const struct task_struct *t) 385 + static inline struct smack_known *smk_of_task_struct( 386 + const struct task_struct *t) 414 387 { 415 388 struct smack_known *skp; 389 + const struct cred *cred; 416 390 417 391 rcu_read_lock(); 418 - skp = smk_of_task(__task_cred(t)->security); 392 + 393 + cred = __task_cred(t); 394 + skp = smk_of_task(smack_cred(cred)); 395 + 419 396 rcu_read_unlock(); 397 + 420 398 return skp; 421 399 } 422 400 ··· 439 405 */ 440 406 static inline struct smack_known *smk_of_current(void) 441 407 { 442 - return smk_of_task(current_security()); 408 + return smk_of_task(smack_cred(current_cred())); 443 409 } 444 410 445 411 /*

+2 -2

security/smack/smack_access.c

··· 275 275 int smk_curacc(struct smack_known *obj_known, 276 276 u32 mode, struct smk_audit_info *a) 277 277 { 278 - struct task_smack *tsp = current_security(); 278 + struct task_smack *tsp = smack_cred(current_cred()); 279 279 280 280 return smk_tskacc(tsp, obj_known, mode, a); 281 281 } ··· 635 635 */ 636 636 bool smack_privileged_cred(int cap, const struct cred *cred) 637 637 { 638 - struct task_smack *tsp = cred->security; 638 + struct task_smack *tsp = smack_cred(cred); 639 639 struct smack_known *skp = tsp->smk_task; 640 640 struct smack_known_list_elem *sklep; 641 641 int rc;

+107 -209

security/smack/smack_lsm.c

··· 139 139 static int smk_bu_current(char *note, struct smack_known *oskp, 140 140 int mode, int rc) 141 141 { 142 - struct task_smack *tsp = current_security(); 142 + struct task_smack *tsp = smack_cred(current_cred()); 143 143 char acc[SMK_NUM_ACCESS_TYPE + 1]; 144 144 145 145 if (rc <= 0) ··· 160 160 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 161 161 static int smk_bu_task(struct task_struct *otp, int mode, int rc) 162 162 { 163 - struct task_smack *tsp = current_security(); 163 + struct task_smack *tsp = smack_cred(current_cred()); 164 164 struct smack_known *smk_task = smk_of_task_struct(otp); 165 165 char acc[SMK_NUM_ACCESS_TYPE + 1]; 166 166 ··· 182 182 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 183 183 static int smk_bu_inode(struct inode *inode, int mode, int rc) 184 184 { 185 - struct task_smack *tsp = current_security(); 186 - struct inode_smack *isp = inode->i_security; 185 + struct task_smack *tsp = smack_cred(current_cred()); 186 + struct inode_smack *isp = smack_inode(inode); 187 187 char acc[SMK_NUM_ACCESS_TYPE + 1]; 188 188 189 189 if (isp->smk_flags & SMK_INODE_IMPURE) ··· 212 212 #ifdef CONFIG_SECURITY_SMACK_BRINGUP 213 213 static int smk_bu_file(struct file *file, int mode, int rc) 214 214 { 215 - struct task_smack *tsp = current_security(); 215 + struct task_smack *tsp = smack_cred(current_cred()); 216 216 struct smack_known *sskp = tsp->smk_task; 217 217 struct inode *inode = file_inode(file); 218 - struct inode_smack *isp = inode->i_security; 218 + struct inode_smack *isp = smack_inode(inode); 219 219 char acc[SMK_NUM_ACCESS_TYPE + 1]; 220 220 221 221 if (isp->smk_flags & SMK_INODE_IMPURE) ··· 242 242 static int smk_bu_credfile(const struct cred *cred, struct file *file, 243 243 int mode, int rc) 244 244 { 245 - struct task_smack *tsp = cred->security; 245 + struct task_smack *tsp = smack_cred(cred); 246 246 struct smack_known *sskp = tsp->smk_task; 247 247 struct inode *inode = file_inode(file); 248 - struct inode_smack *isp = inode->i_security; 248 + struct inode_smack *isp = smack_inode(inode); 249 249 char acc[SMK_NUM_ACCESS_TYPE + 1]; 250 250 251 251 if (isp->smk_flags & SMK_INODE_IMPURE) ··· 305 305 } 306 306 307 307 /** 308 - * new_inode_smack - allocate an inode security blob 308 + * init_inode_smack - initialize an inode security blob 309 + * @isp: the blob to initialize 309 310 * @skp: a pointer to the Smack label entry to use in the blob 310 311 * 311 - * Returns the new blob or NULL if there's no memory available 312 312 */ 313 - static struct inode_smack *new_inode_smack(struct smack_known *skp) 313 + static void init_inode_smack(struct inode *inode, struct smack_known *skp) 314 314 { 315 - struct inode_smack *isp; 316 - 317 - isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS); 318 - if (isp == NULL) 319 - return NULL; 315 + struct inode_smack *isp = smack_inode(inode); 320 316 321 317 isp->smk_inode = skp; 322 318 isp->smk_flags = 0; 323 319 mutex_init(&isp->smk_lock); 324 - 325 - return isp; 326 320 } 327 321 328 322 /** 329 - * new_task_smack - allocate a task security blob 323 + * init_task_smack - initialize a task security blob 324 + * @tsp: blob to initialize 330 325 * @task: a pointer to the Smack label for the running task 331 326 * @forked: a pointer to the Smack label for the forked task 332 - * @gfp: type of the memory for the allocation 333 327 * 334 - * Returns the new blob or NULL if there's no memory available 335 328 */ 336 - static struct task_smack *new_task_smack(struct smack_known *task, 337 - struct smack_known *forked, gfp_t gfp) 329 + static void init_task_smack(struct task_smack *tsp, struct smack_known *task, 330 + struct smack_known *forked) 338 331 { 339 - struct task_smack *tsp; 340 - 341 - tsp = kzalloc(sizeof(struct task_smack), gfp); 342 - if (tsp == NULL) 343 - return NULL; 344 - 345 332 tsp->smk_task = task; 346 333 tsp->smk_forked = forked; 347 334 INIT_LIST_HEAD(&tsp->smk_rules); 348 335 INIT_LIST_HEAD(&tsp->smk_relabel); 349 336 mutex_init(&tsp->smk_rules_lock); 350 - 351 - return tsp; 352 337 } 353 338 354 339 /** ··· 433 448 434 449 rcu_read_lock(); 435 450 tracercred = __task_cred(tracer); 436 - tsp = tracercred->security; 451 + tsp = smack_cred(tracercred); 437 452 tracer_known = smk_of_task(tsp); 438 453 439 454 if ((mode & PTRACE_MODE_ATTACH) && ··· 500 515 int rc; 501 516 struct smack_known *skp; 502 517 503 - skp = smk_of_task(current_security()); 518 + skp = smk_of_task(smack_cred(current_cred())); 504 519 505 520 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); 506 521 return rc; ··· 703 718 if (sp->smk_flags & SMK_SB_INITIALIZED) 704 719 return 0; 705 720 721 + if (inode->i_security == NULL) { 722 + int rc = lsm_inode_alloc(inode); 723 + 724 + if (rc) 725 + return rc; 726 + } 727 + 706 728 if (!smack_privileged(CAP_MAC_ADMIN)) { 707 729 /* 708 730 * Unprivileged mounts don't get to specify Smack values. ··· 774 782 /* 775 783 * Initialize the root inode. 776 784 */ 777 - isp = inode->i_security; 778 - if (isp == NULL) { 779 - isp = new_inode_smack(sp->smk_root); 780 - if (isp == NULL) 781 - return -ENOMEM; 782 - inode->i_security = isp; 783 - } else 784 - isp->smk_inode = sp->smk_root; 785 + init_inode_smack(inode, sp->smk_root); 785 786 786 - if (transmute) 787 + if (transmute) { 788 + isp = smack_inode(inode); 787 789 isp->smk_flags |= SMK_INODE_TRANSMUTE; 790 + } 788 791 789 792 return 0; 790 793 } ··· 818 831 static int smack_bprm_set_creds(struct linux_binprm *bprm) 819 832 { 820 833 struct inode *inode = file_inode(bprm->file); 821 - struct task_smack *bsp = bprm->cred->security; 834 + struct task_smack *bsp = smack_cred(bprm->cred); 822 835 struct inode_smack *isp; 823 836 struct superblock_smack *sbsp; 824 837 int rc; ··· 826 839 if (bprm->called_set_creds) 827 840 return 0; 828 841 829 - isp = inode->i_security; 842 + isp = smack_inode(inode); 830 843 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task) 831 844 return 0; 832 845 ··· 877 890 { 878 891 struct smack_known *skp = smk_of_current(); 879 892 880 - inode->i_security = new_inode_smack(skp); 881 - if (inode->i_security == NULL) 882 - return -ENOMEM; 893 + init_inode_smack(inode, skp); 883 894 return 0; 884 - } 885 - 886 - /** 887 - * smack_inode_free_rcu - Free inode_smack blob from cache 888 - * @head: the rcu_head for getting inode_smack pointer 889 - * 890 - * Call back function called from call_rcu() to free 891 - * the i_security blob pointer in inode 892 - */ 893 - static void smack_inode_free_rcu(struct rcu_head *head) 894 - { 895 - struct inode_smack *issp; 896 - 897 - issp = container_of(head, struct inode_smack, smk_rcu); 898 - kmem_cache_free(smack_inode_cache, issp); 899 - } 900 - 901 - /** 902 - * smack_inode_free_security - free an inode blob using call_rcu() 903 - * @inode: the inode with a blob 904 - * 905 - * Clears the blob pointer in inode using RCU 906 - */ 907 - static void smack_inode_free_security(struct inode *inode) 908 - { 909 - struct inode_smack *issp = inode->i_security; 910 - 911 - /* 912 - * The inode may still be referenced in a path walk and 913 - * a call to smack_inode_permission() can be made 914 - * after smack_inode_free_security() is called. 915 - * To avoid race condition free the i_security via RCU 916 - * and leave the current inode->i_security pointer intact. 917 - * The inode will be freed after the RCU grace period too. 918 - */ 919 - call_rcu(&issp->smk_rcu, smack_inode_free_rcu); 920 895 } 921 896 922 897 /** ··· 896 947 const struct qstr *qstr, const char **name, 897 948 void **value, size_t *len) 898 949 { 899 - struct inode_smack *issp = inode->i_security; 950 + struct inode_smack *issp = smack_inode(inode); 900 951 struct smack_known *skp = smk_of_current(); 901 952 struct smack_known *isp = smk_of_inode(inode); 902 953 struct smack_known *dsp = smk_of_inode(dir); ··· 1234 1285 const void *value, size_t size, int flags) 1235 1286 { 1236 1287 struct smack_known *skp; 1237 - struct inode_smack *isp = d_backing_inode(dentry)->i_security; 1288 + struct inode_smack *isp = smack_inode(d_backing_inode(dentry)); 1238 1289 1239 1290 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 1240 1291 isp->smk_flags |= SMK_INODE_TRANSMUTE; ··· 1315 1366 if (rc != 0) 1316 1367 return rc; 1317 1368 1318 - isp = d_backing_inode(dentry)->i_security; 1369 + isp = smack_inode(d_backing_inode(dentry)); 1319 1370 /* 1320 1371 * Don't do anything special for these. 1321 1372 * XATTR_NAME_SMACKIPIN ··· 1447 1498 */ 1448 1499 static int smack_file_alloc_security(struct file *file) 1449 1500 { 1450 - struct smack_known *skp = smk_of_current(); 1501 + struct smack_known **blob = smack_file(file); 1451 1502 1452 - file->f_security = skp; 1503 + *blob = smk_of_current(); 1453 1504 return 0; 1454 - } 1455 - 1456 - /** 1457 - * smack_file_free_security - clear a file security blob 1458 - * @file: the object 1459 - * 1460 - * The security blob for a file is a pointer to the master 1461 - * label list, so no memory is freed. 1462 - */ 1463 - static void smack_file_free_security(struct file *file) 1464 - { 1465 - file->f_security = NULL; 1466 1505 } 1467 1506 1468 1507 /** ··· 1590 1653 if (unlikely(IS_PRIVATE(file_inode(file)))) 1591 1654 return 0; 1592 1655 1593 - isp = file_inode(file)->i_security; 1656 + isp = smack_inode(file_inode(file)); 1594 1657 if (isp->smk_mmap == NULL) 1595 1658 return 0; 1596 1659 sbsp = file_inode(file)->i_sb->s_security; ··· 1599 1662 return -EACCES; 1600 1663 mkp = isp->smk_mmap; 1601 1664 1602 - tsp = current_security(); 1665 + tsp = smack_cred(current_cred()); 1603 1666 skp = smk_of_current(); 1604 1667 rc = 0; 1605 1668 ··· 1677 1740 */ 1678 1741 static void smack_file_set_fowner(struct file *file) 1679 1742 { 1680 - file->f_security = smk_of_current(); 1743 + struct smack_known **blob = smack_file(file); 1744 + 1745 + *blob = smk_of_current(); 1681 1746 } 1682 1747 1683 1748 /** ··· 1696 1757 static int smack_file_send_sigiotask(struct task_struct *tsk, 1697 1758 struct fown_struct *fown, int signum) 1698 1759 { 1760 + struct smack_known **blob; 1699 1761 struct smack_known *skp; 1700 - struct smack_known *tkp = smk_of_task(tsk->cred->security); 1762 + struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); 1701 1763 const struct cred *tcred; 1702 1764 struct file *file; 1703 1765 int rc; ··· 1710 1770 file = container_of(fown, struct file, f_owner); 1711 1771 1712 1772 /* we don't log here as rc can be overriden */ 1713 - skp = file->f_security; 1773 + blob = smack_file(file); 1774 + skp = *blob; 1714 1775 rc = smk_access(skp, tkp, MAY_DELIVER, NULL); 1715 1776 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); 1716 1777 ··· 1752 1811 if (inode->i_sb->s_magic == SOCKFS_MAGIC) { 1753 1812 sock = SOCKET_I(inode); 1754 1813 ssp = sock->sk->sk_security; 1755 - tsp = current_security(); 1814 + tsp = smack_cred(current_cred()); 1756 1815 /* 1757 1816 * If the receiving process can't write to the 1758 1817 * passed socket or if the passed socket can't ··· 1794 1853 */ 1795 1854 static int smack_file_open(struct file *file) 1796 1855 { 1797 - struct task_smack *tsp = file->f_cred->security; 1856 + struct task_smack *tsp = smack_cred(file->f_cred); 1798 1857 struct inode *inode = file_inode(file); 1799 1858 struct smk_audit_info ad; 1800 1859 int rc; ··· 1822 1881 */ 1823 1882 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1824 1883 { 1825 - struct task_smack *tsp; 1826 - 1827 - tsp = new_task_smack(NULL, NULL, gfp); 1828 - if (tsp == NULL) 1829 - return -ENOMEM; 1830 - 1831 - cred->security = tsp; 1832 - 1884 + init_task_smack(smack_cred(cred), NULL, NULL); 1833 1885 return 0; 1834 1886 } 1835 1887 ··· 1834 1900 */ 1835 1901 static void smack_cred_free(struct cred *cred) 1836 1902 { 1837 - struct task_smack *tsp = cred->security; 1903 + struct task_smack *tsp = smack_cred(cred); 1838 1904 struct smack_rule *rp; 1839 1905 struct list_head *l; 1840 1906 struct list_head *n; 1841 - 1842 - if (tsp == NULL) 1843 - return; 1844 - cred->security = NULL; 1845 1907 1846 1908 smk_destroy_label_list(&tsp->smk_relabel); 1847 1909 ··· 1846 1916 list_del(&rp->list); 1847 1917 kfree(rp); 1848 1918 } 1849 - kfree(tsp); 1850 1919 } 1851 1920 1852 1921 /** ··· 1859 1930 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1860 1931 gfp_t gfp) 1861 1932 { 1862 - struct task_smack *old_tsp = old->security; 1863 - struct task_smack *new_tsp; 1933 + struct task_smack *old_tsp = smack_cred(old); 1934 + struct task_smack *new_tsp = smack_cred(new); 1864 1935 int rc; 1865 1936 1866 - new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); 1867 - if (new_tsp == NULL) 1868 - return -ENOMEM; 1869 - 1870 - new->security = new_tsp; 1937 + init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task); 1871 1938 1872 1939 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1873 1940 if (rc != 0) ··· 1871 1946 1872 1947 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel, 1873 1948 gfp); 1874 - if (rc != 0) 1875 - return rc; 1876 - 1877 - return 0; 1949 + return rc; 1878 1950 } 1879 1951 1880 1952 /** ··· 1883 1961 */ 1884 1962 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1885 1963 { 1886 - struct task_smack *old_tsp = old->security; 1887 - struct task_smack *new_tsp = new->security; 1964 + struct task_smack *old_tsp = smack_cred(old); 1965 + struct task_smack *new_tsp = smack_cred(new); 1888 1966 1889 1967 new_tsp->smk_task = old_tsp->smk_task; 1890 1968 new_tsp->smk_forked = old_tsp->smk_task; 1891 1969 mutex_init(&new_tsp->smk_rules_lock); 1892 1970 INIT_LIST_HEAD(&new_tsp->smk_rules); 1893 - 1894 1971 1895 1972 /* cbs copy rule list */ 1896 1973 } ··· 1901 1980 * 1902 1981 * Sets the secid to contain a u32 version of the smack label. 1903 1982 */ 1904 - static void smack_cred_getsecid(const struct cred *c, u32 *secid) 1983 + static void smack_cred_getsecid(const struct cred *cred, u32 *secid) 1905 1984 { 1906 1985 struct smack_known *skp; 1907 1986 1908 1987 rcu_read_lock(); 1909 - skp = smk_of_task(c->security); 1988 + skp = smk_of_task(smack_cred(cred)); 1910 1989 *secid = skp->smk_secid; 1911 1990 rcu_read_unlock(); 1912 1991 } ··· 1920 1999 */ 1921 2000 static int smack_kernel_act_as(struct cred *new, u32 secid) 1922 2001 { 1923 - struct task_smack *new_tsp = new->security; 2002 + struct task_smack *new_tsp = smack_cred(new); 1924 2003 1925 2004 new_tsp->smk_task = smack_from_secid(secid); 1926 2005 return 0; ··· 1937 2016 static int smack_kernel_create_files_as(struct cred *new, 1938 2017 struct inode *inode) 1939 2018 { 1940 - struct inode_smack *isp = inode->i_security; 1941 - struct task_smack *tsp = new->security; 2019 + struct inode_smack *isp = smack_inode(inode); 2020 + struct task_smack *tsp = smack_cred(new); 1942 2021 1943 2022 tsp->smk_forked = isp->smk_inode; 1944 2023 tsp->smk_task = tsp->smk_forked; ··· 2122 2201 * specific behavior. This is not clean. For one thing 2123 2202 * we can't take privilege into account. 2124 2203 */ 2125 - skp = smk_of_task(cred->security); 2204 + skp = smk_of_task(smack_cred(cred)); 2126 2205 rc = smk_access(skp, tkp, MAY_DELIVER, &ad); 2127 2206 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); 2128 2207 return rc; ··· 2137 2216 */ 2138 2217 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 2139 2218 { 2140 - struct inode_smack *isp = inode->i_security; 2219 + struct inode_smack *isp = smack_inode(inode); 2141 2220 struct smack_known *skp = smk_of_task_struct(p); 2142 2221 2143 2222 isp->smk_inode = skp; ··· 2600 2679 const void *value, size_t size, int flags) 2601 2680 { 2602 2681 struct smack_known *skp; 2603 - struct inode_smack *nsp = inode->i_security; 2682 + struct inode_smack *nsp = smack_inode(inode); 2604 2683 struct socket_smack *ssp; 2605 2684 struct socket *sock; 2606 2685 int rc = 0; ··· 2809 2888 */ 2810 2889 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2811 2890 { 2812 - struct smack_known *skp = smk_of_current(); 2891 + struct smack_known **blob = smack_msg_msg(msg); 2813 2892 2814 - msg->security = skp; 2893 + *blob = smk_of_current(); 2815 2894 return 0; 2816 - } 2817 - 2818 - /** 2819 - * smack_msg_msg_free_security - Clear the security blob for msg_msg 2820 - * @msg: the object 2821 - * 2822 - * Clears the blob pointer 2823 - */ 2824 - static void smack_msg_msg_free_security(struct msg_msg *msg) 2825 - { 2826 - msg->security = NULL; 2827 2895 } 2828 2896 2829 2897 /** ··· 2823 2913 */ 2824 2914 static struct smack_known *smack_of_ipc(struct kern_ipc_perm *isp) 2825 2915 { 2826 - return (struct smack_known *)isp->security; 2916 + struct smack_known **blob = smack_ipc(isp); 2917 + 2918 + return *blob; 2827 2919 } 2828 2920 2829 2921 /** ··· 2836 2924 */ 2837 2925 static int smack_ipc_alloc_security(struct kern_ipc_perm *isp) 2838 2926 { 2839 - struct smack_known *skp = smk_of_current(); 2927 + struct smack_known **blob = smack_ipc(isp); 2840 2928 2841 - isp->security = skp; 2929 + *blob = smk_of_current(); 2842 2930 return 0; 2843 - } 2844 - 2845 - /** 2846 - * smack_ipc_free_security - Clear the security blob for ipc 2847 - * @isp: the object 2848 - * 2849 - * Clears the blob pointer 2850 - */ 2851 - static void smack_ipc_free_security(struct kern_ipc_perm *isp) 2852 - { 2853 - isp->security = NULL; 2854 2931 } 2855 2932 2856 2933 /** ··· 3139 3238 */ 3140 3239 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 3141 3240 { 3142 - struct smack_known *iskp = ipp->security; 3241 + struct smack_known **blob = smack_ipc(ipp); 3242 + struct smack_known *iskp = *blob; 3143 3243 int may = smack_flags_to_may(flag); 3144 3244 struct smk_audit_info ad; 3145 3245 int rc; ··· 3161 3259 */ 3162 3260 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 3163 3261 { 3164 - struct smack_known *iskp = ipp->security; 3262 + struct smack_known **blob = smack_ipc(ipp); 3263 + struct smack_known *iskp = *blob; 3165 3264 3166 3265 *secid = iskp->smk_secid; 3167 3266 } ··· 3190 3287 if (inode == NULL) 3191 3288 return; 3192 3289 3193 - isp = inode->i_security; 3290 + isp = smack_inode(inode); 3194 3291 3195 3292 mutex_lock(&isp->smk_lock); 3196 3293 /* ··· 3431 3528 */ 3432 3529 static int smack_setprocattr(const char *name, void *value, size_t size) 3433 3530 { 3434 - struct task_smack *tsp = current_security(); 3531 + struct task_smack *tsp = smack_cred(current_cred()); 3435 3532 struct cred *new; 3436 3533 struct smack_known *skp; 3437 3534 struct smack_known_list_elem *sklep; ··· 3472 3569 if (new == NULL) 3473 3570 return -ENOMEM; 3474 3571 3475 - tsp = new->security; 3572 + tsp = smack_cred(new); 3476 3573 tsp->smk_task = skp; 3477 3574 /* 3478 3575 * process can change its label only once ··· 4117 4214 static int smack_key_alloc(struct key *key, const struct cred *cred, 4118 4215 unsigned long flags) 4119 4216 { 4120 - struct smack_known *skp = smk_of_task(cred->security); 4217 + struct smack_known *skp = smk_of_task(smack_cred(cred)); 4121 4218 4122 4219 key->security = skp; 4123 4220 return 0; ··· 4148 4245 { 4149 4246 struct key *keyp; 4150 4247 struct smk_audit_info ad; 4151 - struct smack_known *tkp = smk_of_task(cred->security); 4248 + struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4152 4249 int request = 0; 4153 4250 int rc; 4154 4251 ··· 4423 4520 return -ENOMEM; 4424 4521 } 4425 4522 4426 - tsp = new_creds->security; 4523 + tsp = smack_cred(new_creds); 4427 4524 4428 4525 /* 4429 4526 * Get label from overlay inode and set it in create_sid 4430 4527 */ 4431 - isp = d_inode(dentry->d_parent)->i_security; 4528 + isp = smack_inode(d_inode(dentry->d_parent)); 4432 4529 skp = isp->smk_inode; 4433 4530 tsp->smk_task = skp; 4434 4531 *new = new_creds; ··· 4451 4548 const struct cred *old, 4452 4549 struct cred *new) 4453 4550 { 4454 - struct task_smack *otsp = old->security; 4455 - struct task_smack *ntsp = new->security; 4551 + struct task_smack *otsp = smack_cred(old); 4552 + struct task_smack *ntsp = smack_cred(new); 4456 4553 struct inode_smack *isp; 4457 4554 int may; 4458 4555 ··· 4465 4562 /* 4466 4563 * the attribute of the containing directory 4467 4564 */ 4468 - isp = d_inode(dentry->d_parent)->i_security; 4565 + isp = smack_inode(d_inode(dentry->d_parent)); 4469 4566 4470 4567 if (isp->smk_flags & SMK_INODE_TRANSMUTE) { 4471 4568 rcu_read_lock(); ··· 4485 4582 return 0; 4486 4583 } 4487 4584 4585 + struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { 4586 + .lbs_cred = sizeof(struct task_smack), 4587 + .lbs_file = sizeof(struct smack_known *), 4588 + .lbs_inode = sizeof(struct inode_smack), 4589 + .lbs_ipc = sizeof(struct smack_known *), 4590 + .lbs_msg_msg = sizeof(struct smack_known *), 4591 + }; 4592 + 4488 4593 static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 4489 4594 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4490 4595 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), ··· 4508 4597 LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds), 4509 4598 4510 4599 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), 4511 - LSM_HOOK_INIT(inode_free_security, smack_inode_free_security), 4512 4600 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), 4513 4601 LSM_HOOK_INIT(inode_link, smack_inode_link), 4514 4602 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), ··· 4526 4616 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4527 4617 4528 4618 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4529 - LSM_HOOK_INIT(file_free_security, smack_file_free_security), 4530 4619 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), 4531 4620 LSM_HOOK_INIT(file_lock, smack_file_lock), 4532 4621 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), ··· 4561 4652 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), 4562 4653 4563 4654 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), 4564 - LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security), 4565 4655 4566 4656 LSM_HOOK_INIT(msg_queue_alloc_security, smack_ipc_alloc_security), 4567 - LSM_HOOK_INIT(msg_queue_free_security, smack_ipc_free_security), 4568 4657 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), 4569 4658 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), 4570 4659 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), 4571 4660 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), 4572 4661 4573 4662 LSM_HOOK_INIT(shm_alloc_security, smack_ipc_alloc_security), 4574 - LSM_HOOK_INIT(shm_free_security, smack_ipc_free_security), 4575 4663 LSM_HOOK_INIT(shm_associate, smack_shm_associate), 4576 4664 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), 4577 4665 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), 4578 4666 4579 4667 LSM_HOOK_INIT(sem_alloc_security, smack_ipc_alloc_security), 4580 - LSM_HOOK_INIT(sem_free_security, smack_ipc_free_security), 4581 4668 LSM_HOOK_INIT(sem_associate, smack_sem_associate), 4582 4669 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), 4583 4670 LSM_HOOK_INIT(sem_semop, smack_sem_semop), ··· 4664 4759 */ 4665 4760 static __init int smack_init(void) 4666 4761 { 4667 - struct cred *cred; 4762 + struct cred *cred = (struct cred *) current->cred; 4668 4763 struct task_smack *tsp; 4669 - 4670 - if (!security_module_enable("smack")) 4671 - return 0; 4672 4764 4673 4765 smack_inode_cache = KMEM_CACHE(inode_smack, 0); 4674 4766 if (!smack_inode_cache) 4675 4767 return -ENOMEM; 4676 4768 4677 - tsp = new_task_smack(&smack_known_floor, &smack_known_floor, 4678 - GFP_KERNEL); 4679 - if (tsp == NULL) { 4680 - kmem_cache_destroy(smack_inode_cache); 4681 - return -ENOMEM; 4682 - } 4769 + lsm_early_cred(cred); 4683 4770 4771 + /* 4772 + * Set the security state for the initial task. 4773 + */ 4774 + tsp = smack_cred(cred); 4775 + init_task_smack(tsp, &smack_known_floor, &smack_known_floor); 4776 + 4777 + /* 4778 + * Register with LSM 4779 + */ 4780 + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4684 4781 smack_enabled = 1; 4685 4782 4686 4783 pr_info("Smack: Initializing.\n"); ··· 4696 4789 pr_info("Smack: IPv6 Netfilter enabled.\n"); 4697 4790 #endif 4698 4791 4699 - /* 4700 - * Set the security state for the initial task. 4701 - */ 4702 - cred = (struct cred *) current->cred; 4703 - cred->security = tsp; 4704 - 4705 4792 /* initialize the smack_known_list */ 4706 4793 init_smack_known_list(); 4707 - 4708 - /* 4709 - * Register with LSM 4710 - */ 4711 - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); 4712 4794 4713 4795 return 0; 4714 4796 } ··· 4708 4812 */ 4709 4813 DEFINE_LSM(smack) = { 4710 4814 .name = "smack", 4815 + .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 4816 + .blobs = &smack_blob_sizes, 4711 4817 .init = smack_init, 4712 4818 };

+9 -9

security/smack/smackfs.c

··· 2208 2208 2209 2209 static void *load_self_seq_start(struct seq_file *s, loff_t *pos) 2210 2210 { 2211 - struct task_smack *tsp = current_security(); 2211 + struct task_smack *tsp = smack_cred(current_cred()); 2212 2212 2213 2213 return smk_seq_start(s, pos, &tsp->smk_rules); 2214 2214 } 2215 2215 2216 2216 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos) 2217 2217 { 2218 - struct task_smack *tsp = current_security(); 2218 + struct task_smack *tsp = smack_cred(current_cred()); 2219 2219 2220 2220 return smk_seq_next(s, v, pos, &tsp->smk_rules); 2221 2221 } ··· 2262 2262 static ssize_t smk_write_load_self(struct file *file, const char __user *buf, 2263 2263 size_t count, loff_t *ppos) 2264 2264 { 2265 - struct task_smack *tsp = current_security(); 2265 + struct task_smack *tsp = smack_cred(current_cred()); 2266 2266 2267 2267 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, 2268 2268 &tsp->smk_rules_lock, SMK_FIXED24_FMT); ··· 2414 2414 2415 2415 static void *load_self2_seq_start(struct seq_file *s, loff_t *pos) 2416 2416 { 2417 - struct task_smack *tsp = current_security(); 2417 + struct task_smack *tsp = smack_cred(current_cred()); 2418 2418 2419 2419 return smk_seq_start(s, pos, &tsp->smk_rules); 2420 2420 } 2421 2421 2422 2422 static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos) 2423 2423 { 2424 - struct task_smack *tsp = current_security(); 2424 + struct task_smack *tsp = smack_cred(current_cred()); 2425 2425 2426 2426 return smk_seq_next(s, v, pos, &tsp->smk_rules); 2427 2427 } ··· 2467 2467 static ssize_t smk_write_load_self2(struct file *file, const char __user *buf, 2468 2468 size_t count, loff_t *ppos) 2469 2469 { 2470 - struct task_smack *tsp = current_security(); 2470 + struct task_smack *tsp = smack_cred(current_cred()); 2471 2471 2472 2472 return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, 2473 2473 &tsp->smk_rules_lock, SMK_LONG_FMT); ··· 2681 2681 2682 2682 static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos) 2683 2683 { 2684 - struct task_smack *tsp = current_security(); 2684 + struct task_smack *tsp = smack_cred(current_cred()); 2685 2685 2686 2686 return smk_seq_start(s, pos, &tsp->smk_relabel); 2687 2687 } 2688 2688 2689 2689 static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos) 2690 2690 { 2691 - struct task_smack *tsp = current_security(); 2691 + struct task_smack *tsp = smack_cred(current_cred()); 2692 2692 2693 2693 return smk_seq_next(s, v, pos, &tsp->smk_relabel); 2694 2694 } ··· 2736 2736 static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf, 2737 2737 size_t count, loff_t *ppos) 2738 2738 { 2739 - struct task_smack *tsp = current_security(); 2739 + struct task_smack *tsp = smack_cred(current_cred()); 2740 2740 char *data; 2741 2741 int rc; 2742 2742 LIST_HEAD(list_tmp);

+20 -2

security/tomoyo/common.h

··· 29 29 #include <linux/in.h> 30 30 #include <linux/in6.h> 31 31 #include <linux/un.h> 32 + #include <linux/lsm_hooks.h> 32 33 #include <net/sock.h> 33 34 #include <net/af_unix.h> 34 35 #include <net/ip.h> ··· 1063 1062 /********** External variable definitions. **********/ 1064 1063 1065 1064 extern bool tomoyo_policy_loaded; 1065 + extern int tomoyo_enabled; 1066 1066 extern const char * const tomoyo_condition_keyword 1067 1067 [TOMOYO_MAX_CONDITION_KEYWORD]; 1068 1068 extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS]; ··· 1087 1085 extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; 1088 1086 extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT]; 1089 1087 extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT]; 1088 + extern struct lsm_blob_sizes tomoyo_blob_sizes; 1090 1089 1091 1090 /********** Inlined functions. **********/ 1092 1091 ··· 1200 1197 } 1201 1198 1202 1199 /** 1200 + * tomoyo_cred - Get a pointer to the tomoyo cred security blob 1201 + * @cred - the relevant cred 1202 + * 1203 + * Returns pointer to the tomoyo cred blob. 1204 + */ 1205 + static inline struct tomoyo_domain_info **tomoyo_cred(const struct cred *cred) 1206 + { 1207 + return cred->security + tomoyo_blob_sizes.lbs_cred; 1208 + } 1209 + 1210 + /** 1203 1211 * tomoyo_domain - Get "struct tomoyo_domain_info" for current thread. 1204 1212 * 1205 1213 * Returns pointer to "struct tomoyo_domain_info" for current thread. 1206 1214 */ 1207 1215 static inline struct tomoyo_domain_info *tomoyo_domain(void) 1208 1216 { 1209 - return current_cred()->security; 1217 + struct tomoyo_domain_info **blob = tomoyo_cred(current_cred()); 1218 + 1219 + return *blob; 1210 1220 } 1211 1221 1212 1222 /** ··· 1232 1216 static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct 1233 1217 *task) 1234 1218 { 1235 - return task_cred_xxx(task, security); 1219 + struct tomoyo_domain_info **blob = tomoyo_cred(get_task_cred(task)); 1220 + 1221 + return *blob; 1236 1222 } 1237 1223 1238 1224 /**

+3 -1

security/tomoyo/domain.c

··· 678 678 */ 679 679 int tomoyo_find_next_domain(struct linux_binprm *bprm) 680 680 { 681 + struct tomoyo_domain_info **blob; 681 682 struct tomoyo_domain_info *old_domain = tomoyo_domain(); 682 683 struct tomoyo_domain_info *domain = NULL; 683 684 const char *original_name = bprm->filename; ··· 844 843 domain = old_domain; 845 844 /* Update reference count on "struct tomoyo_domain_info". */ 846 845 atomic_inc(&domain->users); 847 - bprm->cred->security = domain; 846 + blob = tomoyo_cred(bprm->cred); 847 + *blob = domain; 848 848 kfree(exename.name); 849 849 if (!retval) { 850 850 ee->r.domain = domain;

+11 -4

security/tomoyo/securityfs_if.c

··· 71 71 if (!cred) { 72 72 error = -ENOMEM; 73 73 } else { 74 - struct tomoyo_domain_info *old_domain = 75 - cred->security; 76 - cred->security = new_domain; 74 + struct tomoyo_domain_info **blob; 75 + struct tomoyo_domain_info *old_domain; 76 + 77 + blob = tomoyo_cred(cred); 78 + old_domain = *blob; 79 + *blob = new_domain; 77 80 atomic_inc(&new_domain->users); 78 81 atomic_dec(&old_domain->users); 79 82 commit_creds(cred); ··· 237 234 */ 238 235 static int __init tomoyo_initerface_init(void) 239 236 { 237 + struct tomoyo_domain_info *domain; 240 238 struct dentry *tomoyo_dir; 241 239 240 + if (!tomoyo_enabled) 241 + return 0; 242 + domain = tomoyo_domain(); 242 243 /* Don't create securityfs entries unless registered. */ 243 - if (current_cred()->security != &tomoyo_kernel_domain) 244 + if (domain != &tomoyo_kernel_domain) 244 245 return 0; 245 246 246 247 tomoyo_dir = securityfs_create_dir("tomoyo", NULL);

+38 -11

security/tomoyo/tomoyo.c

··· 18 18 */ 19 19 static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) 20 20 { 21 - new->security = NULL; 21 + struct tomoyo_domain_info **blob = tomoyo_cred(new); 22 + 23 + *blob = NULL; 22 24 return 0; 23 25 } 24 26 ··· 36 34 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, 37 35 gfp_t gfp) 38 36 { 39 - struct tomoyo_domain_info *domain = old->security; 40 - new->security = domain; 37 + struct tomoyo_domain_info **old_blob = tomoyo_cred(old); 38 + struct tomoyo_domain_info **new_blob = tomoyo_cred(new); 39 + struct tomoyo_domain_info *domain; 40 + 41 + domain = *old_blob; 42 + *new_blob = domain; 43 + 41 44 if (domain) 42 45 atomic_inc(&domain->users); 43 46 return 0; ··· 66 59 */ 67 60 static void tomoyo_cred_free(struct cred *cred) 68 61 { 69 - struct tomoyo_domain_info *domain = cred->security; 62 + struct tomoyo_domain_info **blob = tomoyo_cred(cred); 63 + struct tomoyo_domain_info *domain = *blob; 64 + 70 65 if (domain) 71 66 atomic_dec(&domain->users); 72 67 } ··· 82 73 */ 83 74 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) 84 75 { 76 + struct tomoyo_domain_info **blob; 77 + struct tomoyo_domain_info *domain; 78 + 85 79 /* 86 80 * Do only if this function is called for the first time of an execve 87 81 * operation. ··· 105 93 * stored inside "bprm->cred->security" will be acquired later inside 106 94 * tomoyo_find_next_domain(). 107 95 */ 108 - atomic_dec(&((struct tomoyo_domain_info *) 109 - bprm->cred->security)->users); 96 + blob = tomoyo_cred(bprm->cred); 97 + domain = *blob; 98 + atomic_dec(&domain->users); 110 99 /* 111 100 * Tell tomoyo_bprm_check_security() is called for the first time of an 112 101 * execve operation. 113 102 */ 114 - bprm->cred->security = NULL; 103 + *blob = NULL; 115 104 return 0; 116 105 } 117 106 ··· 125 112 */ 126 113 static int tomoyo_bprm_check_security(struct linux_binprm *bprm) 127 114 { 128 - struct tomoyo_domain_info *domain = bprm->cred->security; 115 + struct tomoyo_domain_info **blob; 116 + struct tomoyo_domain_info *domain; 129 117 118 + blob = tomoyo_cred(bprm->cred); 119 + domain = *blob; 130 120 /* 131 121 * Execute permission is checked against pathname passed to do_execve() 132 122 * using current domain. ··· 509 493 return tomoyo_socket_sendmsg_permission(sock, msg, size); 510 494 } 511 495 496 + struct lsm_blob_sizes tomoyo_blob_sizes __lsm_ro_after_init = { 497 + .lbs_cred = sizeof(struct tomoyo_domain_info *), 498 + }; 499 + 512 500 /* 513 501 * tomoyo_security_ops is a "struct security_operations" which is used for 514 502 * registering TOMOYO. ··· 551 531 /* Lock for GC. */ 552 532 DEFINE_SRCU(tomoyo_ss); 553 533 534 + int tomoyo_enabled __lsm_ro_after_init = 1; 535 + 554 536 /** 555 537 * tomoyo_init - Register TOMOYO Linux as a LSM module. 556 538 * ··· 561 539 static int __init tomoyo_init(void) 562 540 { 563 541 struct cred *cred = (struct cred *) current_cred(); 542 + struct tomoyo_domain_info **blob; 564 543 565 - if (!security_module_enable("tomoyo")) 566 - return 0; 567 544 /* register ourselves with the security framework */ 568 545 security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); 569 546 printk(KERN_INFO "TOMOYO Linux initialized\n"); 570 - cred->security = &tomoyo_kernel_domain; 547 + lsm_early_cred(cred); 548 + blob = tomoyo_cred(cred); 549 + *blob = &tomoyo_kernel_domain; 571 550 tomoyo_mm_init(); 551 + 572 552 return 0; 573 553 } 574 554 575 555 DEFINE_LSM(tomoyo) = { 576 556 .name = "tomoyo", 557 + .enabled = &tomoyo_enabled, 558 + .flags = LSM_FLAG_LEGACY_MAJOR, 559 + .blobs = &tomoyo_blob_sizes, 577 560 .init = tomoyo_init, 578 561 };

+7 -1

security/yama/yama_lsm.c

··· 477 477 static inline void yama_init_sysctl(void) { } 478 478 #endif /* CONFIG_SYSCTL */ 479 479 480 - void __init yama_add_hooks(void) 480 + static int __init yama_init(void) 481 481 { 482 482 pr_info("Yama: becoming mindful.\n"); 483 483 security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); 484 484 yama_init_sysctl(); 485 + return 0; 485 486 } 487 + 488 + DEFINE_LSM(yama) = { 489 + .name = "yama", 490 + .init = yama_init, 491 + };