xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TOMOYO: Abstract use of cred security blob

Browse Source 
Don't use the cred->security pointer directly.
Provide helper functions that provide the security blob pointer.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
[kees: adjusted for ordered init series]
Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
Casey Schaufler
2018-09-21 17:18:07 -07:00
committed by Kees Cook
parent 69b5a44a95
commit 43fc460907
4 changed files with 64 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
security/tomoyo/tomoyo.c
View File

@@ -18,7 +18,9 @@
*/
static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
{
new->security = NULL;
struct tomoyo_domain_info **blob = tomoyo_cred(new);
*blob = NULL;
return 0;
}
@@ -34,8 +36,13 @@ static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
gfp_t gfp)
{
struct tomoyo_domain_info *domain = old->security;
new->security = domain;
struct tomoyo_domain_info **old_blob = tomoyo_cred(old);
struct tomoyo_domain_info **new_blob = tomoyo_cred(new);
struct tomoyo_domain_info *domain;
domain = *old_blob;
*new_blob = domain;
if (domain)
atomic_inc(&domain->users);
return 0;
@@ -59,7 +66,9 @@ static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
*/
static void tomoyo_cred_free(struct cred *cred)
{
struct tomoyo_domain_info *domain = cred->security;
struct tomoyo_domain_info **blob = tomoyo_cred(cred);
struct tomoyo_domain_info *domain = *blob;
if (domain)
atomic_dec(&domain->users);
}
@@ -73,6 +82,9 @@ static void tomoyo_cred_free(struct cred *cred)
*/
static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
{
struct tomoyo_domain_info **blob;
struct tomoyo_domain_info *domain;
/*
* Do only if this function is called for the first time of an execve
* operation.
@@ -93,13 +105,14 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
* stored inside "bprm->cred->security" will be acquired later inside
* tomoyo_find_next_domain().
*/
atomic_dec(&((struct tomoyo_domain_info *)
bprm->cred->security)->users);
blob = tomoyo_cred(bprm->cred);
domain = *blob;
atomic_dec(&domain->users);
/*
* Tell tomoyo_bprm_check_security() is called for the first time of an
* execve operation.
*/
bprm->cred->security = NULL;
*blob = NULL;
return 0;
}
@@ -112,8 +125,11 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
*/
static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
{
struct tomoyo_domain_info *domain = bprm->cred->security;
struct tomoyo_domain_info **blob;
struct tomoyo_domain_info *domain;
blob = tomoyo_cred(bprm->cred);
domain = *blob;
/*
* Execute permission is checked against pathname passed to do_execve()
* using current domain.
@@ -531,6 +547,8 @@ static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
/* Lock for GC. */
DEFINE_SRCU(tomoyo_ss);
int tomoyo_enabled __lsm_ro_after_init = 1;
/**
* tomoyo_init - Register TOMOYO Linux as a LSM module.
*
@@ -539,17 +557,21 @@ DEFINE_SRCU(tomoyo_ss);
static int __init tomoyo_init(void)
{
struct cred *cred = (struct cred *) current_cred();
struct tomoyo_domain_info **blob;
/* register ourselves with the security framework */
security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
printk(KERN_INFO "TOMOYO Linux initialized\n");
cred->security = &tomoyo_kernel_domain;
blob = tomoyo_cred(cred);
*blob = &tomoyo_kernel_domain;
tomoyo_mm_init();
return 0;
}
DEFINE_LSM(tomoyo) = {
.name = "tomoyo",
.enabled = &tomoyo_enabled,
.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
.init = tomoyo_init,
};