Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks
All of the implementations of security hooks that take msg_queue only
access q_perm the struct kern_ipc_perm member. This means the
dependencies of the msg_queue security hooks can be simplified by
passing the kern_ipc_perm member of msg_queue.
Making this change will allow struct msg_queue to become private to
ipc/msg.c.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+62
-65
+6
-6
include/linux/lsm_hooks.h
+6
-6
include/linux/lsm_hooks.h
···
1575
1575
int (*msg_msg_alloc_security)(struct msg_msg *msg);
1576
1576
void (*msg_msg_free_security)(struct msg_msg *msg);
1577
1577
1578
-
int (*msg_queue_alloc_security)(struct msg_queue *msq);
1579
-
void (*msg_queue_free_security)(struct msg_queue *msq);
1580
-
int (*msg_queue_associate)(struct msg_queue *msq, int msqflg);
1581
-
int (*msg_queue_msgctl)(struct msg_queue *msq, int cmd);
1582
-
int (*msg_queue_msgsnd)(struct msg_queue *msq, struct msg_msg *msg,
1578
+
int (*msg_queue_alloc_security)(struct kern_ipc_perm *msq);
1579
+
void (*msg_queue_free_security)(struct kern_ipc_perm *msq);
1580
+
int (*msg_queue_associate)(struct kern_ipc_perm *msq, int msqflg);
1581
+
int (*msg_queue_msgctl)(struct kern_ipc_perm *msq, int cmd);
1582
+
int (*msg_queue_msgsnd)(struct kern_ipc_perm *msq, struct msg_msg *msg,
1583
1583
int msqflg);
1584
-
int (*msg_queue_msgrcv)(struct msg_queue *msq, struct msg_msg *msg,
1584
+
int (*msg_queue_msgrcv)(struct kern_ipc_perm *msq, struct msg_msg *msg,
1585
1585
struct task_struct *target, long type,
1586
1586
int mode);
1587
1587
+12
-13
include/linux/security.h
+12
-13
include/linux/security.h
···
50
50
struct fown_struct;
51
51
struct file_operations;
52
52
struct msg_msg;
53
-
struct msg_queue;
54
53
struct xattr;
55
54
struct xfrm_sec_ctx;
56
55
struct mm_struct;
···
352
353
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
353
354
int security_msg_msg_alloc(struct msg_msg *msg);
354
355
void security_msg_msg_free(struct msg_msg *msg);
355
-
int security_msg_queue_alloc(struct msg_queue *msq);
356
-
void security_msg_queue_free(struct msg_queue *msq);
357
-
int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
358
-
int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
359
-
int security_msg_queue_msgsnd(struct msg_queue *msq,
356
+
int security_msg_queue_alloc(struct kern_ipc_perm *msq);
357
+
void security_msg_queue_free(struct kern_ipc_perm *msq);
358
+
int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg);
359
+
int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd);
360
+
int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
360
361
struct msg_msg *msg, int msqflg);
361
-
int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
362
+
int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
362
363
struct task_struct *target, long type, int mode);
363
364
int security_shm_alloc(struct kern_ipc_perm *shp);
364
365
void security_shm_free(struct kern_ipc_perm *shp);
···
1042
1043
static inline void security_msg_msg_free(struct msg_msg *msg)
1043
1044
{ }
1044
1045
1045
-
static inline int security_msg_queue_alloc(struct msg_queue *msq)
1046
+
static inline int security_msg_queue_alloc(struct kern_ipc_perm *msq)
1046
1047
{
1047
1048
return 0;
1048
1049
}
1049
1050
1050
-
static inline void security_msg_queue_free(struct msg_queue *msq)
1051
+
static inline void security_msg_queue_free(struct kern_ipc_perm *msq)
1051
1052
{ }
1052
1053
1053
-
static inline int security_msg_queue_associate(struct msg_queue *msq,
1054
+
static inline int security_msg_queue_associate(struct kern_ipc_perm *msq,
1054
1055
int msqflg)
1055
1056
{
1056
1057
return 0;
1057
1058
}
1058
1059
1059
-
static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
1060
+
static inline int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
1060
1061
{
1061
1062
return 0;
1062
1063
}
1063
1064
1064
-
static inline int security_msg_queue_msgsnd(struct msg_queue *msq,
1065
+
static inline int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
1065
1066
struct msg_msg *msg, int msqflg)
1066
1067
{
1067
1068
return 0;
1068
1069
}
1069
1070
1070
-
static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
1071
+
static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq,
1071
1072
struct msg_msg *msg,
1072
1073
struct task_struct *target,
1073
1074
long type, int mode)
+8
-10
ipc/msg.c
+8
-10
ipc/msg.c
···
101
101
struct kern_ipc_perm *p = container_of(head, struct kern_ipc_perm, rcu);
102
102
struct msg_queue *msq = container_of(p, struct msg_queue, q_perm);
103
103
104
-
security_msg_queue_free(msq);
104
+
security_msg_queue_free(&msq->q_perm);
105
105
kvfree(msq);
106
106
}
107
107
···
127
127
msq->q_perm.key = key;
128
128
129
129
msq->q_perm.security = NULL;
130
-
retval = security_msg_queue_alloc(msq);
130
+
retval = security_msg_queue_alloc(&msq->q_perm);
131
131
if (retval) {
132
132
kvfree(msq);
133
133
return retval;
···
258
258
*/
259
259
static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
260
260
{
261
-
struct msg_queue *msq = container_of(ipcp, struct msg_queue, q_perm);
262
-
263
-
return security_msg_queue_associate(msq, msgflg);
261
+
return security_msg_queue_associate(ipcp, msgflg);
264
262
}
265
263
266
264
SYSCALL_DEFINE2(msgget, key_t, key, int, msgflg)
···
378
380
379
381
msq = container_of(ipcp, struct msg_queue, q_perm);
380
382
381
-
err = security_msg_queue_msgctl(msq, cmd);
383
+
err = security_msg_queue_msgctl(&msq->q_perm, cmd);
382
384
if (err)
383
385
goto out_unlock1;
384
386
···
500
502
if (ipcperms(ns, &msq->q_perm, S_IRUGO))
501
503
goto out_unlock;
502
504
503
-
err = security_msg_queue_msgctl(msq, cmd);
505
+
err = security_msg_queue_msgctl(&msq->q_perm, cmd);
504
506
if (err)
505
507
goto out_unlock;
506
508
···
716
718
717
719
list_for_each_entry_safe(msr, t, &msq->q_receivers, r_list) {
718
720
if (testmsg(msg, msr->r_msgtype, msr->r_mode) &&
719
-
!security_msg_queue_msgrcv(msq, msg, msr->r_tsk,
721
+
!security_msg_queue_msgrcv(&msq->q_perm, msg, msr->r_tsk,
720
722
msr->r_msgtype, msr->r_mode)) {
721
723
722
724
list_del(&msr->r_list);
···
782
784
goto out_unlock0;
783
785
}
784
786
785
-
err = security_msg_queue_msgsnd(msq, msg, msgflg);
787
+
err = security_msg_queue_msgsnd(&msq->q_perm, msg, msgflg);
786
788
if (err)
787
789
goto out_unlock0;
788
790
···
958
960
959
961
list_for_each_entry(msg, &msq->q_messages, m_list) {
960
962
if (testmsg(msg, *msgtyp, mode) &&
961
-
!security_msg_queue_msgrcv(msq, msg, current,
963
+
!security_msg_queue_msgrcv(&msq->q_perm, msg, current,
962
964
*msgtyp, mode)) {
963
965
if (mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
964
966
*msgtyp = msg->m_type - 1;
+6
-6
security/security.c
+6
-6
security/security.c
···
1163
1163
call_void_hook(msg_msg_free_security, msg);
1164
1164
}
1165
1165
1166
-
int security_msg_queue_alloc(struct msg_queue *msq)
1166
+
int security_msg_queue_alloc(struct kern_ipc_perm *msq)
1167
1167
{
1168
1168
return call_int_hook(msg_queue_alloc_security, 0, msq);
1169
1169
}
1170
1170
1171
-
void security_msg_queue_free(struct msg_queue *msq)
1171
+
void security_msg_queue_free(struct kern_ipc_perm *msq)
1172
1172
{
1173
1173
call_void_hook(msg_queue_free_security, msq);
1174
1174
}
1175
1175
1176
-
int security_msg_queue_associate(struct msg_queue *msq, int msqflg)
1176
+
int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
1177
1177
{
1178
1178
return call_int_hook(msg_queue_associate, 0, msq, msqflg);
1179
1179
}
1180
1180
1181
-
int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
1181
+
int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
1182
1182
{
1183
1183
return call_int_hook(msg_queue_msgctl, 0, msq, cmd);
1184
1184
}
1185
1185
1186
-
int security_msg_queue_msgsnd(struct msg_queue *msq,
1186
+
int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
1187
1187
struct msg_msg *msg, int msqflg)
1188
1188
{
1189
1189
return call_int_hook(msg_queue_msgsnd, 0, msq, msg, msqflg);
1190
1190
}
1191
1191
1192
-
int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
1192
+
int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
1193
1193
struct task_struct *target, long type, int mode)
1194
1194
{
1195
1195
return call_int_hook(msg_queue_msgrcv, 0, msq, msg, target, type, mode);
+18
-18
security/selinux/hooks.c
+18
-18
security/selinux/hooks.c
···
5532
5532
}
5533
5533
5534
5534
/* message queue security operations */
5535
-
static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
5535
+
static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
5536
5536
{
5537
5537
struct ipc_security_struct *isec;
5538
5538
struct common_audit_data ad;
5539
5539
u32 sid = current_sid();
5540
5540
int rc;
5541
5541
5542
-
rc = ipc_alloc_security(&msq->q_perm, SECCLASS_MSGQ);
5542
+
rc = ipc_alloc_security(msq, SECCLASS_MSGQ);
5543
5543
if (rc)
5544
5544
return rc;
5545
5545
5546
-
isec = msq->q_perm.security;
5546
+
isec = msq->security;
5547
5547
5548
5548
ad.type = LSM_AUDIT_DATA_IPC;
5549
-
ad.u.ipc_id = msq->q_perm.key;
5549
+
ad.u.ipc_id = msq->key;
5550
5550
5551
5551
rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5552
5552
MSGQ__CREATE, &ad);
5553
5553
if (rc) {
5554
-
ipc_free_security(&msq->q_perm);
5554
+
ipc_free_security(msq);
5555
5555
return rc;
5556
5556
}
5557
5557
return 0;
5558
5558
}
5559
5559
5560
-
static void selinux_msg_queue_free_security(struct msg_queue *msq)
5560
+
static void selinux_msg_queue_free_security(struct kern_ipc_perm *msq)
5561
5561
{
5562
-
ipc_free_security(&msq->q_perm);
5562
+
ipc_free_security(msq);
5563
5563
}
5564
5564
5565
-
static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
5565
+
static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
5566
5566
{
5567
5567
struct ipc_security_struct *isec;
5568
5568
struct common_audit_data ad;
5569
5569
u32 sid = current_sid();
5570
5570
5571
-
isec = msq->q_perm.security;
5571
+
isec = msq->security;
5572
5572
5573
5573
ad.type = LSM_AUDIT_DATA_IPC;
5574
-
ad.u.ipc_id = msq->q_perm.key;
5574
+
ad.u.ipc_id = msq->key;
5575
5575
5576
5576
return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5577
5577
MSGQ__ASSOCIATE, &ad);
5578
5578
}
5579
5579
5580
-
static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
5580
+
static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
5581
5581
{
5582
5582
int err;
5583
5583
int perms;
···
5602
5602
return 0;
5603
5603
}
5604
5604
5605
-
err = ipc_has_perm(&msq->q_perm, perms);
5605
+
err = ipc_has_perm(msq, perms);
5606
5606
return err;
5607
5607
}
5608
5608
5609
-
static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
5609
+
static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg, int msqflg)
5610
5610
{
5611
5611
struct ipc_security_struct *isec;
5612
5612
struct msg_security_struct *msec;
···
5614
5614
u32 sid = current_sid();
5615
5615
int rc;
5616
5616
5617
-
isec = msq->q_perm.security;
5617
+
isec = msq->security;
5618
5618
msec = msg->security;
5619
5619
5620
5620
/*
···
5632
5632
}
5633
5633
5634
5634
ad.type = LSM_AUDIT_DATA_IPC;
5635
-
ad.u.ipc_id = msq->q_perm.key;
5635
+
ad.u.ipc_id = msq->key;
5636
5636
5637
5637
/* Can this process write to the queue? */
5638
5638
rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
···
5649
5649
return rc;
5650
5650
}
5651
5651
5652
-
static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
5652
+
static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
5653
5653
struct task_struct *target,
5654
5654
long type, int mode)
5655
5655
{
···
5659
5659
u32 sid = task_sid(target);
5660
5660
int rc;
5661
5661
5662
-
isec = msq->q_perm.security;
5662
+
isec = msq->security;
5663
5663
msec = msg->security;
5664
5664
5665
5665
ad.type = LSM_AUDIT_DATA_IPC;
5666
-
ad.u.ipc_id = msq->q_perm.key;
5666
+
ad.u.ipc_id = msq->key;
5667
5667
5668
5668
rc = avc_has_perm(sid, isec->sid,
5669
5669
SECCLASS_MSGQ, MSGQ__READ, &ad);
+12
-12
security/smack/smack_lsm.c
+12
-12
security/smack/smack_lsm.c
···
3210
3210
*
3211
3211
* Returns 0
3212
3212
*/
3213
-
static int smack_msg_queue_alloc_security(struct msg_queue *msq)
3213
+
static int smack_msg_queue_alloc_security(struct kern_ipc_perm *msq)
3214
3214
{
3215
-
struct kern_ipc_perm *kisp = &msq->q_perm;
3215
+
struct kern_ipc_perm *kisp = msq;
3216
3216
struct smack_known *skp = smk_of_current();
3217
3217
3218
3218
kisp->security = skp;
···
3225
3225
*
3226
3226
* Clears the blob pointer
3227
3227
*/
3228
-
static void smack_msg_queue_free_security(struct msg_queue *msq)
3228
+
static void smack_msg_queue_free_security(struct kern_ipc_perm *msq)
3229
3229
{
3230
-
struct kern_ipc_perm *kisp = &msq->q_perm;
3230
+
struct kern_ipc_perm *kisp = msq;
3231
3231
3232
3232
kisp->security = NULL;
3233
3233
}
···
3238
3238
*
3239
3239
* Returns a pointer to the smack label entry
3240
3240
*/
3241
-
static struct smack_known *smack_of_msq(struct msg_queue *msq)
3241
+
static struct smack_known *smack_of_msq(struct kern_ipc_perm *msq)
3242
3242
{
3243
-
return (struct smack_known *)msq->q_perm.security;
3243
+
return (struct smack_known *)msq->security;
3244
3244
}
3245
3245
3246
3246
/**
···
3250
3250
*
3251
3251
* return 0 if current has access, error otherwise
3252
3252
*/
3253
-
static int smk_curacc_msq(struct msg_queue *msq, int access)
3253
+
static int smk_curacc_msq(struct kern_ipc_perm *msq, int access)
3254
3254
{
3255
3255
struct smack_known *msp = smack_of_msq(msq);
3256
3256
struct smk_audit_info ad;
···
3258
3258
3259
3259
#ifdef CONFIG_AUDIT
3260
3260
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3261
-
ad.a.u.ipc_id = msq->q_perm.id;
3261
+
ad.a.u.ipc_id = msq->id;
3262
3262
#endif
3263
3263
rc = smk_curacc(msp, access, &ad);
3264
3264
rc = smk_bu_current("msq", msp, access, rc);
···
3272
3272
*
3273
3273
* Returns 0 if current has the requested access, error code otherwise
3274
3274
*/
3275
-
static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
3275
+
static int smack_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
3276
3276
{
3277
3277
int may;
3278
3278
···
3287
3287
*
3288
3288
* Returns 0 if current has the requested access, error code otherwise
3289
3289
*/
3290
-
static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
3290
+
static int smack_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
3291
3291
{
3292
3292
int may;
3293
3293
···
3321
3321
*
3322
3322
* Returns 0 if current has the requested access, error code otherwise
3323
3323
*/
3324
-
static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
3324
+
static int smack_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg,
3325
3325
int msqflg)
3326
3326
{
3327
3327
int may;
···
3340
3340
*
3341
3341
* Returns 0 if current has read and write access, error code otherwise
3342
3342
*/
3343
-
static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
3343
+
static int smack_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
3344
3344
struct task_struct *target, long type, int mode)
3345
3345
{
3346
3346
return smk_curacc_msq(msq, MAY_READWRITE);