exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds
Today security_bprm_set_creds has several implementations: apparmor_bprm_set_creds, cap_bprm_set_creds, selinux_bprm_set_creds, smack_bprm_set_creds, and tomoyo_bprm_set_creds. Except for cap_bprm_set_creds they all test bprm->called_set_creds and return immediately if it is true. The function cap_bprm_set_creds ignores bprm->called_set_creds entirely. Create a new LSM hook security_bprm_creds_for_exec that is called just before prepare_binprm in __do_execve_file, resulting in an LSM hook that is called exactly once for the entirety of exec. Move the bits of security_bprm_set_creds that only want to be called once per exec into security_bprm_creds_for_exec, leaving only cap_bprm_set_creds behind. Remove bprm->called_set_creds, as all of its former users have been moved to security_bprm_creds_for_exec. Add or update comments as appropriate to bring them up to date and to reflect this change. Link: https://lkml.kernel.org/r/87v9kszrzh.fsf_-_@x220.int.ebiederm.org Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: Casey Schaufler <casey@schaufler-ca.com> # For the LSM and Smack bits Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
@@ -2286,7 +2286,7 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
static int selinux_bprm_set_creds(struct linux_binprm *bprm)
|
||||
static int selinux_bprm_creds_for_exec(struct linux_binprm *bprm)
|
||||
{
|
||||
const struct task_security_struct *old_tsec;
|
||||
struct task_security_struct *new_tsec;
|
||||
@@ -2297,8 +2297,6 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
|
||||
|
||||
/* SELinux context only depends on initial program or script and not
|
||||
* the script interpreter */
|
||||
if (bprm->called_set_creds)
|
||||
return 0;
|
||||
|
||||
old_tsec = selinux_cred(current_cred());
|
||||
new_tsec = selinux_cred(bprm->cred);
|
||||
@@ -6385,7 +6383,7 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
|
||||
/* Permission checking based on the specified context is
|
||||
performed during the actual operation (execve,
|
||||
open/mkdir/...), when we know the full context of the
|
||||
operation. See selinux_bprm_set_creds for the execve
|
||||
operation. See selinux_bprm_creds_for_exec for the execve
|
||||
checks and may_create for the file creation checks. The
|
||||
operation will then fail if the context is not permitted. */
|
||||
tsec = selinux_cred(new);
|
||||
@@ -6914,7 +6912,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
|
||||
|
||||
LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
|
||||
|
||||
LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
|
||||
LSM_HOOK_INIT(bprm_creds_for_exec, selinux_bprm_creds_for_exec),
|
||||
LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
|
||||
LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
|
||||
|
||||
|
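Review bot: The comment kept in the `@@ -2297,8 +2297,6 @@` hunk ("SELinux context only depends on initial program or script and not the script interpreter") no longer sits above any code that enforces it, since the `bprm->called_set_creds` early return it explained is what the commit description says is removed. After this change the property appears to hold only because the hook is invoked once per exec, just before `prepare_binprm`, so the comment should state that caller-side invariant, e.g. `/* Called exactly once per exec, before any interpreter is resolved, so the SELinux context depends only on the initial program or script. */`. Spelling this out matters for later maintainers: if the hook were ever reached again for the interpreter, the transition logic below would presumably be evaluated against the interpreter rather than the original file. The body of `selinux_bprm_creds_for_exec` continues outside the visible hunks.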