CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index 64af2d3..cf02490 100644
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -39,7 +39,7 @@
int selinux_secmark_relabel_packet_permission(u32 sid)
{
if (selinux_enabled) {
- struct task_security_struct *tsec = current->security;
+ struct task_security_struct *tsec = current->cred->security;
return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET,
PACKET__RELABELTO, NULL);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 9f6da15..328308f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -167,21 +167,21 @@
return -ENOMEM;
tsec->osid = tsec->sid = SECINITSID_UNLABELED;
- task->security = tsec;
+ task->cred->security = tsec;
return 0;
}
static void task_free_security(struct task_struct *task)
{
- struct task_security_struct *tsec = task->security;
- task->security = NULL;
+ struct task_security_struct *tsec = task->cred->security;
+ task->cred->security = NULL;
kfree(tsec);
}
static int inode_alloc_security(struct inode *inode)
{
- struct task_security_struct *tsec = current->security;
+ struct task_security_struct *tsec = current->cred->security;
struct inode_security_struct *isec;
isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
@@ -215,7 +215,7 @@
static int file_alloc_security(struct file *file)
{
- struct task_security_struct *tsec = current->security;
+ struct task_security_struct *tsec = current->cred->security;
struct file_security_struct *fsec;
fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
@@ -554,7 +554,7 @@
struct security_mnt_opts *opts)
{
int rc = 0, i;
- struct task_security_struct *tsec = current->security;
+ struct task_security_struct *tsec = current->cred->security;
struct superblock_security_struct *sbsec = sb->s_security;
const char *name = sb->s_type->name;
struct inode *inode = sbsec->sb->s_root->d_inode;
@@ -1353,8 +1353,8 @@
{
struct task_security_struct *tsec1, *tsec2;
- tsec1 = tsk1->security;
- tsec2 = tsk2->security;
+ tsec1 = tsk1->cred->security;
+ tsec2 = tsk2->cred->security;
return avc_has_perm(tsec1->sid, tsec2->sid,
SECCLASS_PROCESS, perms, NULL);
}
@@ -1374,7 +1374,7 @@
u32 av = CAP_TO_MASK(cap);
int rc;
- tsec = tsk->security;
+ tsec = tsk->cred->security;
AVC_AUDIT_DATA_INIT(&ad, CAP);
ad.tsk = tsk;
@@ -1405,7 +1405,7 @@
{
struct task_security_struct *tsec;
- tsec = tsk->security;
+ tsec = tsk->cred->security;
return avc_has_perm(tsec->sid, SECINITSID_KERNEL,
SECCLASS_SYSTEM, perms, NULL);
@@ -1426,7 +1426,7 @@
if (unlikely(IS_PRIVATE(inode)))
return 0;
- tsec = tsk->security;
+ tsec = tsk->cred->security;
isec = inode->i_security;
if (!adp) {
@@ -1466,7 +1466,7 @@
struct file *file,
u32 av)
{
- struct task_security_struct *tsec = tsk->security;
+ struct task_security_struct *tsec = tsk->cred->security;
struct file_security_struct *fsec = file->f_security;
struct inode *inode = file->f_path.dentry->d_inode;
struct avc_audit_data ad;
@@ -1503,7 +1503,7 @@
struct avc_audit_data ad;
int rc;
- tsec = current->security;
+ tsec = current->cred->security;
dsec = dir->i_security;
sbsec = dir->i_sb->s_security;
@@ -1540,7 +1540,7 @@
{
struct task_security_struct *tsec;
- tsec = ctx->security;
+ tsec = ctx->cred->security;
return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
}
@@ -1561,7 +1561,7 @@
u32 av;
int rc;
- tsec = current->security;
+ tsec = current->cred->security;
dsec = dir->i_security;
isec = dentry->d_inode->i_security;
@@ -1606,7 +1606,7 @@
int old_is_dir, new_is_dir;
int rc;
- tsec = current->security;
+ tsec = current->cred->security;
old_dsec = old_dir->i_security;
old_isec = old_dentry->d_inode->i_security;
old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
@@ -1659,7 +1659,7 @@
struct task_security_struct *tsec;
struct superblock_security_struct *sbsec;
- tsec = tsk->security;
+ tsec = tsk->cred->security;
sbsec = sb->s_security;
return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
perms, ad);
@@ -1758,8 +1758,8 @@
return rc;
if (mode == PTRACE_MODE_READ) {
- struct task_security_struct *tsec = current->security;
- struct task_security_struct *csec = child->security;
+ struct task_security_struct *tsec = current->cred->security;
+ struct task_security_struct *csec = child->cred->security;
return avc_has_perm(tsec->sid, csec->sid,
SECCLASS_FILE, FILE__READ, NULL);
}
@@ -1874,7 +1874,7 @@
if (rc)
return rc;
- tsec = current->security;
+ tsec = current->cred->security;
rc = selinux_sysctl_get_sid(table, (op == 0001) ?
SECCLASS_DIR : SECCLASS_FILE, &tsid);
@@ -2025,7 +2025,7 @@
if (bsec->set)
return 0;
- tsec = current->security;
+ tsec = current->cred->security;
isec = inode->i_security;
/* Default to the current task SID. */
@@ -2090,7 +2090,7 @@
static int selinux_bprm_secureexec(struct linux_binprm *bprm)
{
- struct task_security_struct *tsec = current->security;
+ struct task_security_struct *tsec = current->cred->security;
int atsecure = 0;
if (tsec->osid != tsec->sid) {
@@ -2214,7 +2214,7 @@
secondary_ops->bprm_apply_creds(bprm, unsafe);
- tsec = current->security;
+ tsec = current->cred->security;
bsec = bprm->security;
sid = bsec->sid;
@@ -2243,7 +2243,7 @@
rcu_read_lock();
tracer = tracehook_tracer_task(current);
if (likely(tracer != NULL)) {
- sec = tracer->security;
+ sec = tracer->cred->security;
ptsid = sec->sid;
}
rcu_read_unlock();
@@ -2274,7 +2274,7 @@
int rc, i;
unsigned long flags;
- tsec = current->security;
+ tsec = current->cred->security;
bsec = bprm->security;
if (bsec->unsafe) {
@@ -2521,7 +2521,7 @@
int rc;
char *namep = NULL, *context;
- tsec = current->security;
+ tsec = current->cred->security;
dsec = dir->i_security;
sbsec = dir->i_sb->s_security;
@@ -2706,7 +2706,7 @@
static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
const void *value, size_t size, int flags)
{
- struct task_security_struct *tsec = current->security;
+ struct task_security_struct *tsec = current->cred->security;
struct inode *inode = dentry->d_inode;
struct inode_security_struct *isec = inode->i_security;
struct superblock_security_struct *sbsec;
@@ -2918,7 +2918,7 @@
static int selinux_file_permission(struct file *file, int mask)
{
struct inode *inode = file->f_path.dentry->d_inode;
- struct task_security_struct *tsec = current->security;
+ struct task_security_struct *tsec = current->cred->security;
struct file_security_struct *fsec = file->f_security;
struct inode_security_struct *isec = inode->i_security;
@@ -2995,7 +2995,8 @@
unsigned long addr, unsigned long addr_only)
{
int rc = 0;
- u32 sid = ((struct task_security_struct *)(current->security))->sid;
+ u32 sid = ((struct task_security_struct *)
+ (current->cred->security))->sid;
if (addr < mmap_min_addr)
rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
@@ -3107,7 +3108,7 @@
struct task_security_struct *tsec;
struct file_security_struct *fsec;
- tsec = current->security;
+ tsec = current->cred->security;
fsec = file->f_security;
fsec->fown_sid = tsec->sid;
@@ -3125,7 +3126,7 @@
/* struct fown_struct is never outside the context of a struct file */
file = container_of(fown, struct file, f_owner);
- tsec = tsk->security;
+ tsec = tsk->cred->security;
fsec = file->f_security;
if (!signum)
@@ -3188,12 +3189,12 @@
struct task_security_struct *tsec1, *tsec2;
int rc;
- tsec1 = current->security;
+ tsec1 = current->cred->security;
rc = task_alloc_security(tsk);
if (rc)
return rc;
- tsec2 = tsk->security;
+ tsec2 = tsk->cred->security;
tsec2->osid = tsec1->osid;
tsec2->sid = tsec1->sid;
@@ -3251,7 +3252,7 @@
static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
{
- struct task_security_struct *tsec = p->security;
+ struct task_security_struct *tsec = p->cred->security;
*secid = tsec->sid;
}
@@ -3343,7 +3344,7 @@
perm = PROCESS__SIGNULL; /* null signal; existence test */
else
perm = signal_to_av(sig);
- tsec = p->security;
+ tsec = p->cred->security;
if (secid)
rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL);
else
@@ -3375,7 +3376,7 @@
secondary_ops->task_reparent_to_init(p);
- tsec = p->security;
+ tsec = p->cred->security;
tsec->osid = tsec->sid;
tsec->sid = SECINITSID_KERNEL;
return;
@@ -3384,7 +3385,7 @@
static void selinux_task_to_inode(struct task_struct *p,
struct inode *inode)
{
- struct task_security_struct *tsec = p->security;
+ struct task_security_struct *tsec = p->cred->security;
struct inode_security_struct *isec = inode->i_security;
isec->sid = tsec->sid;
@@ -3632,7 +3633,7 @@
struct avc_audit_data ad;
int err = 0;
- tsec = task->security;
+ tsec = task->cred->security;
isec = SOCK_INODE(sock)->i_security;
if (isec->sid == SECINITSID_KERNEL)
@@ -3656,7 +3657,7 @@
if (kern)
goto out;
- tsec = current->security;
+ tsec = current->cred->security;
newsid = tsec->sockcreate_sid ? : tsec->sid;
err = avc_has_perm(tsec->sid, newsid,
socket_type_to_security_class(family, type,
@@ -3677,7 +3678,7 @@
isec = SOCK_INODE(sock)->i_security;
- tsec = current->security;
+ tsec = current->cred->security;
newsid = tsec->sockcreate_sid ? : tsec->sid;
isec->sclass = socket_type_to_security_class(family, type, protocol);
isec->sid = kern ? SECINITSID_KERNEL : newsid;
@@ -3723,7 +3724,7 @@
struct sock *sk = sock->sk;
u32 sid, node_perm;
- tsec = current->security;
+ tsec = current->cred->security;
isec = SOCK_INODE(sock)->i_security;
if (family == PF_INET) {
@@ -4764,7 +4765,7 @@
struct kern_ipc_perm *perm,
u16 sclass)
{
- struct task_security_struct *tsec = task->security;
+ struct task_security_struct *tsec = task->cred->security;
struct ipc_security_struct *isec;
isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
@@ -4814,7 +4815,7 @@
struct ipc_security_struct *isec;
struct avc_audit_data ad;
- tsec = current->security;
+ tsec = current->cred->security;
isec = ipc_perms->security;
AVC_AUDIT_DATA_INIT(&ad, IPC);
@@ -4845,7 +4846,7 @@
if (rc)
return rc;
- tsec = current->security;
+ tsec = current->cred->security;
isec = msq->q_perm.security;
AVC_AUDIT_DATA_INIT(&ad, IPC);
@@ -4871,7 +4872,7 @@
struct ipc_security_struct *isec;
struct avc_audit_data ad;
- tsec = current->security;
+ tsec = current->cred->security;
isec = msq->q_perm.security;
AVC_AUDIT_DATA_INIT(&ad, IPC);
@@ -4917,7 +4918,7 @@
struct avc_audit_data ad;
int rc;
- tsec = current->security;
+ tsec = current->cred->security;
isec = msq->q_perm.security;
msec = msg->security;
@@ -4965,7 +4966,7 @@
struct avc_audit_data ad;
int rc;
- tsec = target->security;
+ tsec = target->cred->security;
isec = msq->q_perm.security;
msec = msg->security;
@@ -4992,7 +4993,7 @@
if (rc)
return rc;
- tsec = current->security;
+ tsec = current->cred->security;
isec = shp->shm_perm.security;
AVC_AUDIT_DATA_INIT(&ad, IPC);
@@ -5018,7 +5019,7 @@
struct ipc_security_struct *isec;
struct avc_audit_data ad;
- tsec = current->security;
+ tsec = current->cred->security;
isec = shp->shm_perm.security;
AVC_AUDIT_DATA_INIT(&ad, IPC);
@@ -5091,7 +5092,7 @@
if (rc)
return rc;
- tsec = current->security;
+ tsec = current->cred->security;
isec = sma->sem_perm.security;
AVC_AUDIT_DATA_INIT(&ad, IPC);
@@ -5117,7 +5118,7 @@
struct ipc_security_struct *isec;
struct avc_audit_data ad;
- tsec = current->security;
+ tsec = current->cred->security;
isec = sma->sem_perm.security;
AVC_AUDIT_DATA_INIT(&ad, IPC);
@@ -5224,7 +5225,7 @@
return error;
}
- tsec = p->security;
+ tsec = p->cred->security;
if (!strcmp(name, "current"))
sid = tsec->sid;
@@ -5308,7 +5309,7 @@
operation. See selinux_bprm_set_security for the execve
checks and may_create for the file creation checks. The
operation will then fail if the context is not permitted. */
- tsec = p->security;
+ tsec = p->cred->security;
if (!strcmp(name, "exec"))
tsec->exec_sid = sid;
else if (!strcmp(name, "fscreate"))
@@ -5361,7 +5362,8 @@
rcu_read_lock();
tracer = tracehook_tracer_task(p);
if (tracer != NULL) {
- struct task_security_struct *ptsec = tracer->security;
+ struct task_security_struct *ptsec =
+ tracer->cred->security;
u32 ptsid = ptsec->sid;
rcu_read_unlock();
error = avc_has_perm_noaudit(ptsid, sid,
@@ -5405,7 +5407,7 @@
static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
unsigned long flags)
{
- struct task_security_struct *tsec = tsk->security;
+ struct task_security_struct *tsec = tsk->cred->security;
struct key_security_struct *ksec;
ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
@@ -5439,7 +5441,7 @@
key = key_ref_to_ptr(key_ref);
- tsec = ctx->security;
+ tsec = ctx->cred->security;
ksec = key->security;
/* if no specific permissions are requested, we skip the
@@ -5683,7 +5685,7 @@
/* Set the security state for the initial task. */
if (task_alloc_security(current))
panic("SELinux: Failed to initialize initial task.\n");
- tsec = current->security;
+ tsec = current->cred->security;
tsec->osid = tsec->sid = SECINITSID_KERNEL;
sel_inode_cache = kmem_cache_create("selinux_inode_security",
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 69c9dcc..10715d1 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -97,7 +97,7 @@
{
struct task_security_struct *tsec;
- tsec = tsk->security;
+ tsec = tsk->cred->security;
if (!tsec)
return -EACCES;
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 8f17f54..d7db766 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -197,7 +197,7 @@
struct xfrm_user_sec_ctx *uctx, u32 sid)
{
int rc = 0;
- struct task_security_struct *tsec = current->security;
+ struct task_security_struct *tsec = current->cred->security;
struct xfrm_sec_ctx *ctx = NULL;
char *ctx_str = NULL;
u32 str_len;
@@ -333,7 +333,7 @@
*/
int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
- struct task_security_struct *tsec = current->security;
+ struct task_security_struct *tsec = current->cred->security;
int rc = 0;
if (ctx) {
@@ -378,7 +378,7 @@
*/
int selinux_xfrm_state_delete(struct xfrm_state *x)
{
- struct task_security_struct *tsec = current->security;
+ struct task_security_struct *tsec = current->cred->security;
struct xfrm_sec_ctx *ctx = x->security;
int rc = 0;