[PATCH 2/3] tomoyo: replace current->in_execve flag with security_bprm_aborting_creds() hook

From: Tetsuo Handa
Date: Sun Jan 28 2024 - 09:18:01 EST

Next message: Tetsuo Handa: "[PATCH 3/3] fs/exec: remove current->in_execve flag"
Previous message: Tetsuo Handa: "[PATCH 1/3] LSM: add security_bprm_aborting_creds() hook"
In reply to: Tetsuo Handa: "Re: [PATCH 1/3] LSM: add security_bprm_aborting_creds() hook"
Next in thread: Tetsuo Handa: "[PATCH 3/3] fs/exec: remove current->in_execve flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TOMOYO was using current->in_execve flag in order to restore previous state
when previous execve() request failed. Since security_bprm_aborting_creds()
hook was added, switch to use it.

Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
---
security/tomoyo/tomoyo.c | 22 ++++++----------------
1 file changed, 6 insertions(+), 16 deletions(-)

diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 04a92c3d65d4..de572705772a 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -18,34 +18,24 @@ struct tomoyo_domain_info *tomoyo_domain(void)
{
struct tomoyo_task *s = tomoyo_task(current);

- if (s->old_domain_info && !current->in_execve) {
- atomic_dec(&s->old_domain_info->users);
- s->old_domain_info = NULL;
- }
return s->domain_info;
}

/**
- * tomoyo_cred_prepare - Target for security_prepare_creds().
- *
- * @new: Pointer to "struct cred".
- * @old: Pointer to "struct cred".
- * @gfp: Memory allocation flags.
+ * tomoyo_bprm_aborting_creds - Target for security_bprm_aborting_creds().
*
- * Returns 0.
+ * @bprm: Pointer to "struct linux_binprm".
*/
-static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
- gfp_t gfp)
+static void tomoyo_bprm_aborting_creds(const struct linux_binprm *bprm)
{
- /* Restore old_domain_info saved by previous execve() request. */
+ /* Restore old_domain_info saved by execve() request. */
struct tomoyo_task *s = tomoyo_task(current);

- if (s->old_domain_info && !current->in_execve) {
+ if (s->old_domain_info) {
atomic_dec(&s->domain_info->users);
s->domain_info = s->old_domain_info;
s->old_domain_info = NULL;
}
- return 0;
}

/**
@@ -554,8 +544,8 @@ static const struct lsm_id tomoyo_lsmid = {
* registering TOMOYO.
*/
static struct security_hook_list tomoyo_hooks[] __ro_after_init = {
- LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
LSM_HOOK_INIT(bprm_committed_creds, tomoyo_bprm_committed_creds),
+ LSM_HOOK_INIT(bprm_aborting_creds, tomoyo_bprm_aborting_creds),
LSM_HOOK_INIT(task_alloc, tomoyo_task_alloc),
LSM_HOOK_INIT(task_free, tomoyo_task_free),
#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
--
2.18.4

Next message: Tetsuo Handa: "[PATCH 3/3] fs/exec: remove current->in_execve flag"
Previous message: Tetsuo Handa: "[PATCH 1/3] LSM: add security_bprm_aborting_creds() hook"
In reply to: Tetsuo Handa: "Re: [PATCH 1/3] LSM: add security_bprm_aborting_creds() hook"
Next in thread: Tetsuo Handa: "[PATCH 3/3] fs/exec: remove current->in_execve flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]