diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-07 21:11:41 +0300 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-07 21:11:41 +0300 |
| commit | 3612605a5a5bc3d3ae0ec861328be8a2990f2c7a (patch) | |
| tree | 6c387085155874bdf15ff9eec539c15801880734 /security/smack | |
| parent | 62f8e6c5dcb6666e7da402aea28fcf846eea144c (diff) | |
| parent | df0ce17331e2501dbffc060041dfc6c5f85227b5 (diff) | |
| download | linux-3612605a5a5bc3d3ae0ec861328be8a2990f2c7a.tar.xz | |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull general security layer updates from James Morris:
- Convert security hooks from list to hlist, a nice cleanup, saving
about 50% of space, from Sargun Dhillon.
- Only pass the cred, not the secid, to kill_pid_info_as_cred and
security_task_kill (as the secid can be determined from the cred),
from Stephen Smalley.
- Close a potential race in kernel_read_file(), by making the file
unwritable before calling the LSM check (vs after), from Kees Cook.
* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
security: convert security hooks to use hlist
exec: Set file unwritable before LSM check
usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill
Diffstat (limited to 'security/smack')
| -rw-r--r-- | security/smack/smack_lsm.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 0735b8db158b..57fef8e04658 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2228,15 +2228,13 @@ static int smack_task_movememory(struct task_struct *p) * @p: the task object * @info: unused * @sig: unused - * @secid: identifies the smack to use in lieu of current's + * @cred: identifies the cred to use in lieu of current's * * Return 0 if write access is permitted * - * The secid behavior is an artifact of an SELinux hack - * in the USB code. Someday it may go away. */ static int smack_task_kill(struct task_struct *p, struct siginfo *info, - int sig, u32 secid) + int sig, const struct cred *cred) { struct smk_audit_info ad; struct smack_known *skp; @@ -2252,17 +2250,17 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, * Sending a signal requires that the sender * can write the receiver. */ - if (secid == 0) { + if (cred == NULL) { rc = smk_curacc(tkp, MAY_DELIVER, &ad); rc = smk_bu_task(p, MAY_DELIVER, rc); return rc; } /* - * If the secid isn't 0 we're dealing with some USB IO + * If the cred isn't NULL we're dealing with some USB IO * specific behavior. This is not clean. For one thing * we can't take privilege into account. */ - skp = smack_from_secid(secid); + skp = smk_of_task(cred->security); rc = smk_access(skp, tkp, MAY_DELIVER, &ad); rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); return rc; |