summaryrefslogtreecommitdiffstats
path: root/security/apparmor
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-09-07 20:35:29 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2017-09-07 20:35:29 -0700
commit828f4257d1d33aed0f9ef82982dcb8ace8b7fe86 (patch)
treece9e1fc4eaae2c66e8a5bba25579c32c229352b4 /security/apparmor
parent44ccba3f7b230af1bd7ebe173cbf5803df1df486 (diff)
parentfe8993b3a05cbba6318a54e0f85901aaea6fc244 (diff)
downloadop-kernel-dev-828f4257d1d33aed0f9ef82982dcb8ace8b7fe86.zip
op-kernel-dev-828f4257d1d33aed0f9ef82982dcb8ace8b7fe86.tar.gz
Merge tag 'secureexec-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull secureexec update from Kees Cook: "This series has the ultimate goal of providing a sane stack rlimit when running set*id processes. To do this, the bprm_secureexec LSM hook is collapsed into the bprm_set_creds hook so the secureexec-ness of an exec can be determined early enough to make decisions about rlimits and the resulting memory layouts. Other logic acting on the secureexec-ness of an exec is similarly consolidated. Capabilities needed some special handling, but the refactoring removed other special handling, so that was a wash" * tag 'secureexec-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: exec: Consolidate pdeath_signal clearing exec: Use sane stack rlimit under secureexec exec: Consolidate dumpability logic smack: Remove redundant pdeath_signal clearing exec: Use secureexec for clearing pdeath_signal exec: Use secureexec for setting dumpability LSM: drop bprm_secureexec hook commoncap: Move cap_elevated calculation into bprm_set_creds commoncap: Refactor to remove bprm_secureexec hook smack: Refactor to remove bprm_secureexec hook selinux: Refactor to remove bprm_secureexec hook apparmor: Refactor to remove bprm_secureexec hook binfmt: Introduce secureexec flag exec: Correct comments about "point of no return" exec: Rename bprm->cred_prepared to called_set_creds
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/domain.c21
-rw-r--r--security/apparmor/include/domain.h1
-rw-r--r--security/apparmor/include/file.h3
-rw-r--r--security/apparmor/lsm.c1
4 files changed, 2 insertions, 24 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index d059444..17a601c 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -758,7 +758,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
file_inode(bprm->file)->i_mode
};
- if (bprm->cred_prepared)
+ if (bprm->called_set_creds)
return 0;
ctx = cred_ctx(bprm->cred);
@@ -807,7 +807,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
aa_label_printk(new, GFP_ATOMIC);
dbg_printk("\n");
}
- bprm->unsafe |= AA_SECURE_X_NEEDED;
+ bprm->secureexec = 1;
}
if (label->proxy != new->proxy) {
@@ -843,23 +843,6 @@ audit:
goto done;
}
-/**
- * apparmor_bprm_secureexec - determine if secureexec is needed
- * @bprm: binprm for exec (NOT NULL)
- *
- * Returns: %1 if secureexec is needed else %0
- */
-int apparmor_bprm_secureexec(struct linux_binprm *bprm)
-{
- /* the decision to use secure exec is computed in set_creds
- * and stored in bprm->unsafe.
- */
- if (bprm->unsafe & AA_SECURE_X_NEEDED)
- return 1;
-
- return 0;
-}
-
/*
* Functions for self directed profile change
*/
diff --git a/security/apparmor/include/domain.h b/security/apparmor/include/domain.h
index bab5810..24c5976 100644
--- a/security/apparmor/include/domain.h
+++ b/security/apparmor/include/domain.h
@@ -30,7 +30,6 @@ struct aa_domain {
#define AA_CHANGE_STACK 8
int apparmor_bprm_set_creds(struct linux_binprm *bprm);
-int apparmor_bprm_secureexec(struct linux_binprm *bprm);
void aa_free_domain_entries(struct aa_domain *domain);
int aa_change_hat(const char *hats[], int count, u64 token, int flags);
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index 001e400..4c2c8ac 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -101,9 +101,6 @@ static inline struct aa_label *aa_get_file_label(struct aa_file_ctx *ctx)
#define AA_X_INHERIT 0x4000
#define AA_X_UNCONFINED 0x8000
-/* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */
-#define AA_SECURE_X_NEEDED 0x8000
-
/* need to make conditional which ones are being set */
struct path_cond {
kuid_t uid;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 867bcd1..7a82c0f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -694,7 +694,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(bprm_set_creds, apparmor_bprm_set_creds),
LSM_HOOK_INIT(bprm_committing_creds, apparmor_bprm_committing_creds),
LSM_HOOK_INIT(bprm_committed_creds, apparmor_bprm_committed_creds),
- LSM_HOOK_INIT(bprm_secureexec, apparmor_bprm_secureexec),
LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit),
};
OpenPOWER on IntegriCloud