CRED: Allow kernel services to override LSM settings for task actions

struct user_struct;

struct cred;

struct inode;

/*

 * COW Supplementary groups list

extern void abort_creds(struct cred *);

extern const struct cred *override_creds(const struct cred *);

extern void revert_creds(const struct cred *);

extern struct cred *prepare_kernel_cred(struct task_struct *);

extern int change_create_files_as(struct cred *, struct inode *);

extern int set_security_override(struct cred *, u32);

extern int set_security_override_from_ctx(struct cred *, const char *);

extern int set_create_files_as(struct cred *, struct inode *);

extern void __init cred_init(void);

/**

 *	@new points to the new credentials.

 *	@old points to the original credentials.

 *	Install a new set of credentials.

 * @kernel_act_as:

 *	Set the credentials for a kernel service to act as (subjective context).

 *	@new points to the credentials to be modified.

 *	@secid specifies the security ID to be set

 *	The current task must be the one that nominated @secid.

 *	Return 0 if successful.

 * @kernel_create_files_as:

 *	Set the file creation context in a set of credentials to be the same as

 *	the objective context of the specified inode.

 *	@new points to the credentials to be modified.

 *	@inode points to the inode to use as a reference.

 *	The current task must be the one that nominated @inode.

 *	Return 0 if successful.

 * @task_setuid:

 *	Check permission before setting one or more of the user identity

 *	attributes of the current process.  The @flags parameter indicates

	int (*cred_prepare)(struct cred *new, const struct cred *old,

			    gfp_t gfp);

	void (*cred_commit)(struct cred *new, const struct cred *old);

	int (*kernel_act_as)(struct cred *new, u32 secid);

	int (*kernel_create_files_as)(struct cred *new, struct inode *inode);

	int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);

	int (*task_fix_setuid) (struct cred *new, const struct cred *old,

				int flags);

void security_cred_free(struct cred *cred);

int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);

void security_commit_creds(struct cred *new, const struct cred *old);

int security_kernel_act_as(struct cred *new, u32 secid);

int security_kernel_create_files_as(struct cred *new, struct inode *inode);

int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);

int security_task_fix_setuid(struct cred *new, const struct cred *old,

			     int flags);

{

}

static inline int security_kernel_act_as(struct cred *cred, u32 secid)

{

	return 0;

}

static inline int security_kernel_create_files_as(struct cred *cred,

						  struct inode *inode)

{

	return 0;

}

static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,

				       int flags)

{

	cred_jar = kmem_cache_create("cred_jar", sizeof(struct cred),

				     0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);

}

/**

 * prepare_kernel_cred - Prepare a set of credentials for a kernel service

 * @daemon: A userspace daemon to be used as a reference

 *

 * Prepare a set of credentials for a kernel service.  This can then be used to

 * override a task's own credentials so that work can be done on behalf of that

 * task that requires a different subjective context.

 *

 * @daemon is used to provide a base for the security record, but can be NULL.

 * If @daemon is supplied, then the security data will be derived from that;

 * otherwise they'll be set to 0 and no groups, full capabilities and no keys.

 *

 * The caller may change these controls afterwards if desired.

 *

 * Returns the new credentials or NULL if out of memory.

 *

 * Does not take, and does not return holding current->cred_replace_mutex.

 */

struct cred *prepare_kernel_cred(struct task_struct *daemon)

{

	const struct cred *old;

	struct cred *new;

	new = kmem_cache_alloc(cred_jar, GFP_KERNEL);

	if (!new)

		return NULL;

	if (daemon)

		old = get_task_cred(daemon);

	else

		old = get_cred(&init_cred);

	get_uid(new->user);

	get_group_info(new->group_info);

#ifdef CONFIG_KEYS

	atomic_inc(&init_tgcred.usage);

	new->tgcred = &init_tgcred;

	new->request_key_auth = NULL;

	new->thread_keyring = NULL;

	new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;

#endif

#ifdef CONFIG_SECURITY

	new->security = NULL;

#endif

	if (security_prepare_creds(new, old, GFP_KERNEL) < 0)

		goto error;

	atomic_set(&new->usage, 1);

	put_cred(old);

	return new;

error:

	put_cred(new);

	return NULL;

}

EXPORT_SYMBOL(prepare_kernel_cred);

/**

 * set_security_override - Set the security ID in a set of credentials

 * @new: The credentials to alter

 * @secid: The LSM security ID to set

 *

 * Set the LSM security ID in a set of credentials so that the subjective

 * security is overridden when an alternative set of credentials is used.

 */

int set_security_override(struct cred *new, u32 secid)

{

	return security_kernel_act_as(new, secid);

}

EXPORT_SYMBOL(set_security_override);

/**

 * set_security_override_from_ctx - Set the security ID in a set of credentials

 * @new: The credentials to alter

 * @secctx: The LSM security context to generate the security ID from.

 *

 * Set the LSM security ID in a set of credentials so that the subjective

 * security is overridden when an alternative set of credentials is used.  The

 * security ID is specified in string form as a security context to be

 * interpreted by the LSM.

 */

int set_security_override_from_ctx(struct cred *new, const char *secctx)

{

	u32 secid;

	int ret;

	ret = security_secctx_to_secid(secctx, strlen(secctx), &secid);

	if (ret < 0)

		return ret;

	return set_security_override(new, secid);

}

EXPORT_SYMBOL(set_security_override_from_ctx);

/**

 * set_create_files_as - Set the LSM file create context in a set of credentials

 * @new: The credentials to alter

 * @inode: The inode to take the context from

 *

 * Change the LSM file creation context in a set of credentials to be the same

 * as the object context of the specified inode, so that the new inodes have

 * the same MAC context as that inode.

 */

int set_create_files_as(struct cred *new, struct inode *inode)

{

	new->fsuid = inode->i_uid;

	new->fsgid = inode->i_gid;

	return security_kernel_create_files_as(new, inode);

}

EXPORT_SYMBOL(set_create_files_as);

{

}

static int cap_kernel_act_as(struct cred *new, u32 secid)

{

	return 0;

}

static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)

{

	return 0;

}

static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)

{

	return 0;

	set_to_cap_if_null(ops, cred_free);

	set_to_cap_if_null(ops, cred_prepare);

	set_to_cap_if_null(ops, cred_commit);

	set_to_cap_if_null(ops, kernel_act_as);

	set_to_cap_if_null(ops, kernel_create_files_as);

	set_to_cap_if_null(ops, task_setuid);

	set_to_cap_if_null(ops, task_fix_setuid);

	set_to_cap_if_null(ops, task_setgid);

	return security_ops->cred_commit(new, old);

}

int security_kernel_act_as(struct cred *new, u32 secid)

{

	return security_ops->kernel_act_as(new, secid);

}

int security_kernel_create_files_as(struct cred *new, struct inode *inode)

{

	return security_ops->kernel_create_files_as(new, inode);

}

int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)

{

	return security_ops->task_setuid(id0, id1, id2, flags);