Re: [PATCH 06/37] Security: Separate task security context from task_struct
--- David Howells <[EMAIL PROTECTED]> wrote:
> Separate the task security context from task_struct. At this point, the
> security data is temporarily embedded in the task_struct with two pointers
> pointing to it.
> ...
> diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
> index f6b5f6e..722752f 100644
> --- a/security/smack/smack_access.c
> +++ b/security/smack/smack_access.c
> @@ -164,7 +164,7 @@ int smk_curacc(char *obj_label, u32 mode)
> {
> int rc;
>
> - rc = smk_access(current->security, obj_label, mode);
> + rc = smk_access(current->act_as->security, obj_label, mode);
> if (rc == 0)
> return 0;
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 25cbfa3..a49d94f 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -102,7 +102,8 @@ static int smack_ptrace(struct task_struct *ptp, struct
> task_struct *ctp)
> if (rc != 0)
> return rc;
>
> - rc = smk_access(ptp->security, ctp->security, MAY_READWRITE);
> + rc = smk_access(ptp->act_as->security, ctp->sec->security,
> + MAY_READWRITE);
> if (rc != 0 && __capable(ptp, CAP_MAC_OVERRIDE))
> return 0;
>
> @@ -120,7 +121,7 @@ static int smack_ptrace(struct task_struct *ptp, struct
> task_struct *ctp)
> static int smack_syslog(int type)
> {
> int rc;
> - char *sp = current->security;
> + char *sp = current->act_as->security;
>
> rc = cap_syslog(type);
> if (rc != 0)
> @@ -359,7 +360,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int
> flags)
> */
> static int smack_inode_alloc_security(struct inode *inode)
> {
> - inode->i_security = new_inode_smack(current->security);
> + inode->i_security = new_inode_smack(current->act_as->security);
> if (inode->i_security == NULL)
> return -ENOMEM;
> return 0;
> @@ -777,7 +778,7 @@ static int smack_file_permission(struct file *file, int
> mask)
> */
> static int smack_file_alloc_security(struct file *file)
> {
> - file->f_security = current->security;
> + file->f_security = current->act_as->security;
> return 0;
> }
>
> @@ -875,7 +876,7 @@ static int smack_file_fcntl(struct file *file, unsigned
> int cmd,
> */
> static int smack_file_set_fowner(struct file *file)
> {
> - file->f_security = current->security;
> + file->f_security = current->act_as->security;
> return 0;
> }
>
> @@ -900,7 +901,7 @@ static int smack_file_send_sigiotask(struct task_struct
> *tsk,
>* struct fown_struct is never outside the context of a struct file
>*/
> file = container_of(fown, struct file, f_owner);
> - rc = smk_access(file->f_security, tsk->security, MAY_WRITE);
> + rc = smk_access(file->f_security, tsk->sec->security, MAY_WRITE);
> if (rc != 0 && __capable(tsk, CAP_MAC_OVERRIDE))
> return 0;
> return rc;
> @@ -943,7 +944,7 @@ static int smack_file_receive(struct file *file)
> */
> static int smack_task_alloc_security(struct task_struct *tsk)
> {
> - tsk->security = current->security;
> + tsk->sec->security = current->act_as->security;
>
> return 0;
> }
> @@ -958,7 +959,7 @@ static int smack_task_alloc_security(struct task_struct
> *tsk)
> */
> static void smack_task_free_security(struct task_struct *task)
> {
> - task->security = NULL;
> + task->sec->security = NULL;
> }
>
> /**
> @@ -970,7 +971,7 @@ static void smack_task_free_security(struct task_struct
> *task)
> */
> static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
> {
> - return smk_curacc(p->security, MAY_WRITE);
> + return smk_curacc(p->sec->security, MAY_WRITE);
> }
>
> /**
> @@ -981,7 +982,7 @@ static int smack_task_setpgid(struct task_struct *p,
> pid_t pgid)
> */
> static int smack_task_getpgid(struct task_struct *p)
> {
> - return smk_curacc(p->security, MAY_READ);
> + return smk_curacc(p->sec->security, MAY_READ);
> }
>
> /**
> @@ -992,7 +993,7 @@ static int smack_task_getpgid(struct task_struct *p)
> */
> static int smack_task_getsid(struct task_struct *p)
> {
> - return smk_curacc(p->security, MAY_READ);
> + return smk_curacc(p->sec->security, MAY_READ);
> }
>
> /**
> @@ -1004,7 +1005,7 @@ static int smack_task_getsid(struct task_struct *p)
> */
> static void smack_task_getsecid(struct task_struct *p, u32 *secid)
> {
> - *secid = smack_to_secid(p->security);
> + *secid = smack_to_secid(p->sec->security);
> }
>
> /**
> @@ -1016,7 +1017,7 @@ static void smack_task_getsecid(struct task_struct *p,
> u32 *secid)
> */
> static int smack_task_setnice(struct task_struct *p, int nice)
> {
> - return smk_curacc(p->security, MAY_WRITE);
> + return smk_curacc(p->sec->security, MAY_WRITE);
> }
>
> /**
> @@ -1028,7 +1029,7 @@ static int smack_task_setnice(struct task_struct *p,
> int nice)
>
Re: [PATCH 06/37] Security: Separate task security context from task_struct
--- David Howells [EMAIL PROTECTED] wrote:
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
...
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index f6b5f6e..722752f 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -164,7 +164,7 @@ int smk_curacc(char *obj_label, u32 mode)
{
int rc;
- rc = smk_access(current-security, obj_label, mode);
+ rc = smk_access(current-act_as-security, obj_label, mode);
if (rc == 0)
return 0;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 25cbfa3..a49d94f 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -102,7 +102,8 @@ static int smack_ptrace(struct task_struct *ptp, struct
task_struct *ctp)
if (rc != 0)
return rc;
- rc = smk_access(ptp-security, ctp-security, MAY_READWRITE);
+ rc = smk_access(ptp-act_as-security, ctp-sec-security,
+ MAY_READWRITE);
if (rc != 0 __capable(ptp, CAP_MAC_OVERRIDE))
return 0;
@@ -120,7 +121,7 @@ static int smack_ptrace(struct task_struct *ptp, struct
task_struct *ctp)
static int smack_syslog(int type)
{
int rc;
- char *sp = current-security;
+ char *sp = current-act_as-security;
rc = cap_syslog(type);
if (rc != 0)
@@ -359,7 +360,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int
flags)
*/
static int smack_inode_alloc_security(struct inode *inode)
{
- inode-i_security = new_inode_smack(current-security);
+ inode-i_security = new_inode_smack(current-act_as-security);
if (inode-i_security == NULL)
return -ENOMEM;
return 0;
@@ -777,7 +778,7 @@ static int smack_file_permission(struct file *file, int
mask)
*/
static int smack_file_alloc_security(struct file *file)
{
- file-f_security = current-security;
+ file-f_security = current-act_as-security;
return 0;
}
@@ -875,7 +876,7 @@ static int smack_file_fcntl(struct file *file, unsigned
int cmd,
*/
static int smack_file_set_fowner(struct file *file)
{
- file-f_security = current-security;
+ file-f_security = current-act_as-security;
return 0;
}
@@ -900,7 +901,7 @@ static int smack_file_send_sigiotask(struct task_struct
*tsk,
* struct fown_struct is never outside the context of a struct file
*/
file = container_of(fown, struct file, f_owner);
- rc = smk_access(file-f_security, tsk-security, MAY_WRITE);
+ rc = smk_access(file-f_security, tsk-sec-security, MAY_WRITE);
if (rc != 0 __capable(tsk, CAP_MAC_OVERRIDE))
return 0;
return rc;
@@ -943,7 +944,7 @@ static int smack_file_receive(struct file *file)
*/
static int smack_task_alloc_security(struct task_struct *tsk)
{
- tsk-security = current-security;
+ tsk-sec-security = current-act_as-security;
return 0;
}
@@ -958,7 +959,7 @@ static int smack_task_alloc_security(struct task_struct
*tsk)
*/
static void smack_task_free_security(struct task_struct *task)
{
- task-security = NULL;
+ task-sec-security = NULL;
}
/**
@@ -970,7 +971,7 @@ static void smack_task_free_security(struct task_struct
*task)
*/
static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
{
- return smk_curacc(p-security, MAY_WRITE);
+ return smk_curacc(p-sec-security, MAY_WRITE);
}
/**
@@ -981,7 +982,7 @@ static int smack_task_setpgid(struct task_struct *p,
pid_t pgid)
*/
static int smack_task_getpgid(struct task_struct *p)
{
- return smk_curacc(p-security, MAY_READ);
+ return smk_curacc(p-sec-security, MAY_READ);
}
/**
@@ -992,7 +993,7 @@ static int smack_task_getpgid(struct task_struct *p)
*/
static int smack_task_getsid(struct task_struct *p)
{
- return smk_curacc(p-security, MAY_READ);
+ return smk_curacc(p-sec-security, MAY_READ);
}
/**
@@ -1004,7 +1005,7 @@ static int smack_task_getsid(struct task_struct *p)
*/
static void smack_task_getsecid(struct task_struct *p, u32 *secid)
{
- *secid = smack_to_secid(p-security);
+ *secid = smack_to_secid(p-sec-security);
}
/**
@@ -1016,7 +1017,7 @@ static void smack_task_getsecid(struct task_struct *p,
u32 *secid)
*/
static int smack_task_setnice(struct task_struct *p, int nice)
{
- return smk_curacc(p-security, MAY_WRITE);
+ return smk_curacc(p-sec-security, MAY_WRITE);
}
/**
@@ -1028,7 +1029,7 @@ static int smack_task_setnice(struct task_struct *p,
int nice)
*/
static int smack_task_setioprio(struct task_struct *p, int ioprio)
{
- return smk_curacc(p-security, MAY_WRITE);
+ return smk_curacc(p-sec-security, MAY_WRITE);
}
/**
@@ -1039,7 +1040,7 @@
Re: [PATCH 06/37] Security: Separate task security context from task_struct
On Fri, 8 Feb 2008, David Howells wrote: > Separate the task security context from task_struct. At this point, the > security data is temporarily embedded in the task_struct with two pointers > pointing to it. > > Alpha needs further alteration as it refers to UID & GID in entry.S via asm > offsets. > > Sparc needs further alteration as it refers to UID & GID in sclow.S via asm > offsets. > > Signed-off-by: David Howells <[EMAIL PROTECTED]> Reviewed-by: James Morris <[EMAIL PROTECTED]> (SELinux stuff mostly). -- James Morris <[EMAIL PROTECTED]> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 06/37] Security: Separate task security context from task_struct
On Fri, 8 Feb 2008, David Howells wrote: Separate the task security context from task_struct. At this point, the security data is temporarily embedded in the task_struct with two pointers pointing to it. Alpha needs further alteration as it refers to UID GID in entry.S via asm offsets. Sparc needs further alteration as it refers to UID GID in sclow.S via asm offsets. Signed-off-by: David Howells [EMAIL PROTECTED] Reviewed-by: James Morris [EMAIL PROTECTED] (SELinux stuff mostly). -- James Morris [EMAIL PROTECTED] -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
