-3

init/Kconfig

reviewed

··· 962 962 # The rare drivers that won't build 963 963 depends on ANDROID_BINDER_IPC = n 964 964 965 965 - # Security modules 966 966 - depends on SECURITY_TOMOYO = n 967 967 - 968 965 config UIDGID_STRICT_TYPE_CHECKS 969 966 bool "Require conversions between uid/gids and their internal representation" 970 967 depends on UIDGID_CONVERTED

+16 -7

security/tomoyo/audit.c

reviewed

··· 168 168 stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, 169 169 tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid, 170 170 tomoyo_sys_getpid(), tomoyo_sys_getppid(), 171 171 - current_uid(), current_gid(), current_euid(), 172 172 - current_egid(), current_suid(), current_sgid(), 173 173 - current_fsuid(), current_fsgid()); 171 171 + from_kuid(&init_user_ns, current_uid()), 172 172 + from_kgid(&init_user_ns, current_gid()), 173 173 + from_kuid(&init_user_ns, current_euid()), 174 174 + from_kgid(&init_user_ns, current_egid()), 175 175 + from_kuid(&init_user_ns, current_suid()), 176 176 + from_kgid(&init_user_ns, current_sgid()), 177 177 + from_kuid(&init_user_ns, current_fsuid()), 178 178 + from_kgid(&init_user_ns, current_fsgid())); 174 179 if (!obj) 175 180 goto no_obj_info; 176 181 if (!obj->validate_done) { ··· 196 191 tomoyo_buffer_len - 1 - pos, 197 192 " path%u.parent={ uid=%u gid=%u " 198 193 "ino=%lu perm=0%o }", (i >> 1) + 1, 199 199 - stat->uid, stat->gid, (unsigned long) 200 200 - stat->ino, stat->mode & S_IALLUGO); 194 194 + from_kuid(&init_user_ns, stat->uid), 195 195 + from_kgid(&init_user_ns, stat->gid), 196 196 + (unsigned long)stat->ino, 197 197 + stat->mode & S_IALLUGO); 201 198 continue; 202 199 } 203 200 pos += snprintf(buffer + pos, tomoyo_buffer_len - 1 - pos, 204 201 " path%u={ uid=%u gid=%u ino=%lu major=%u" 205 202 " minor=%u perm=0%o type=%s", (i >> 1) + 1, 206 206 - stat->uid, stat->gid, (unsigned long) 207 207 - stat->ino, MAJOR(dev), MINOR(dev), 203 203 + from_kuid(&init_user_ns, stat->uid), 204 204 + from_kgid(&init_user_ns, stat->gid), 205 205 + (unsigned long)stat->ino, 206 206 + MAJOR(dev), MINOR(dev), 208 207 mode & S_IALLUGO, tomoyo_filetype(mode)); 209 208 if (S_ISCHR(mode) || S_ISBLK(mode)) { 210 209 dev = stat->rdev;

+3 -1

security/tomoyo/common.c

reviewed

··· 925 925 926 926 if (!tomoyo_policy_loaded) 927 927 return true; 928 928 - if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 928 928 + if (!tomoyo_manage_by_non_root && 929 929 + (!uid_eq(task->cred->uid, GLOBAL_ROOT_UID) || 930 930 + !uid_eq(task->cred->euid, GLOBAL_ROOT_UID))) 929 931 return false; 930 932 exe = tomoyo_get_exe(); 931 933 if (!exe)

+2 -2

security/tomoyo/common.h

reviewed

··· 561 561 562 562 /* Subset of "struct stat". Used by conditional ACL and audit logs. */ 563 563 struct tomoyo_mini_stat { 564 564 - uid_t uid; 565 565 - gid_t gid; 564 564 + kuid_t uid; 565 565 + kgid_t gid; 566 566 ino_t ino; 567 567 umode_t mode; 568 568 dev_t dev;

+10 -10

security/tomoyo/condition.c

reviewed

··· 813 813 unsigned long value = 0; 814 814 switch (index) { 815 815 case TOMOYO_TASK_UID: 816 816 - value = current_uid(); 816 816 + value = from_kuid(&init_user_ns, current_uid()); 817 817 break; 818 818 case TOMOYO_TASK_EUID: 819 819 - value = current_euid(); 819 819 + value = from_kuid(&init_user_ns, current_euid()); 820 820 break; 821 821 case TOMOYO_TASK_SUID: 822 822 - value = current_suid(); 822 822 + value = from_kuid(&init_user_ns, current_suid()); 823 823 break; 824 824 case TOMOYO_TASK_FSUID: 825 825 - value = current_fsuid(); 825 825 + value = from_kuid(&init_user_ns, current_fsuid()); 826 826 break; 827 827 case TOMOYO_TASK_GID: 828 828 - value = current_gid(); 828 828 + value = from_kgid(&init_user_ns, current_gid()); 829 829 break; 830 830 case TOMOYO_TASK_EGID: 831 831 - value = current_egid(); 831 831 + value = from_kgid(&init_user_ns, current_egid()); 832 832 break; 833 833 case TOMOYO_TASK_SGID: 834 834 - value = current_sgid(); 834 834 + value = from_kgid(&init_user_ns, current_sgid()); 835 835 break; 836 836 case TOMOYO_TASK_FSGID: 837 837 - value = current_fsgid(); 837 837 + value = from_kgid(&init_user_ns, current_fsgid()); 838 838 break; 839 839 case TOMOYO_TASK_PID: 840 840 value = tomoyo_sys_getpid(); ··· 970 970 case TOMOYO_PATH2_UID: 971 971 case TOMOYO_PATH1_PARENT_UID: 972 972 case TOMOYO_PATH2_PARENT_UID: 973 973 - value = stat->uid; 973 973 + value = from_kuid(&init_user_ns, stat->uid); 974 974 break; 975 975 case TOMOYO_PATH1_GID: 976 976 case TOMOYO_PATH2_GID: 977 977 case TOMOYO_PATH1_PARENT_GID: 978 978 case TOMOYO_PATH2_PARENT_GID: 979 979 - value = stat->gid; 979 979 + value = from_kgid(&init_user_ns, stat->gid); 980 980 break; 981 981 case TOMOYO_PATH1_INO: 982 982 case TOMOYO_PATH2_INO: