For introducing the do_sys_settimeofday64() function with
timespec64 type to make it ready for 2038 issue, it need to
introduce the security_settime64() function with timespec64
type firstly.
Also introduce a default security_settime64() function with
timespec64 type when it hasn't defined the CONFIG_SECURITY macro.
Also this patch changes the "settime" pointer's argument with
timespec64 type in security_operations structure for introducing
the the security_settime64() function.
Meanwhile moves the security_settime() defined in
security/security.c file to include/linux/security.h file as a
static function, that makes it convenient to delete the
security_settime() later.
And change the cap_settime() function's argument with timespec64
type to make it ready for 2038 issue, which is only used by
security_settime64()/security_settime() function.
Signed-off-by: Baolin Wang <[email protected]>
---
include/linux/security.h | 25 ++++++++++++++++++++-----
security/commoncap.c | 2 +-
security/security.c | 2 +-
3 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index a1b7dbd..5288794 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -75,7 +75,7 @@ struct timezone;
*/
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, int audit);
-extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
+extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
@@ -1353,7 +1353,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* Return 0 if permission is granted.
* @settime:
* Check permission to change the system time.
- * struct timespec and timezone are defined in include/linux/time.h
+ * struct timespec64 is defined in include/linux/time64.h and timezone is
+ * defined in include/linux/time.h
* @ts contains new time
* @tz contains new timezone
* Return 0 if permission is granted.
@@ -1483,7 +1484,7 @@ struct security_operations {
int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
int (*quota_on) (struct dentry *dentry);
int (*syslog) (int type);
- int (*settime) (const struct timespec *ts, const struct timezone *tz);
+ int (*settime) (const struct timespec64 *ts, const struct timezone *tz);
int (*vm_enough_memory) (struct mm_struct *mm, long pages);
int (*bprm_set_creds) (struct linux_binprm *bprm);
@@ -1790,7 +1791,13 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
-int security_settime(const struct timespec *ts, const struct timezone *tz);
+int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
+static int security_settime(const struct timespec *ts, const struct timezone *tz)
+{
+ struct timespec64 ts64 = timespec_to_timespec64(*ts);
+
+ return security_settime64(&ts64, tz);
+}
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
int security_bprm_set_creds(struct linux_binprm *bprm);
int security_bprm_check(struct linux_binprm *bprm);
@@ -2040,10 +2047,18 @@ static inline int security_syslog(int type)
return 0;
}
+static inline int security_settime64(const struct timespec64 *ts,
+ const struct timezone *tz)
+{
+ return cap_settime(ts, tz);
+}
+
static inline int security_settime(const struct timespec *ts,
const struct timezone *tz)
{
- return cap_settime(ts, tz);
+ struct timsepc64 ts64 = timespec_to_timespec64(*ts);
+
+ return cap_settime(&ts64, tz);
}
static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
diff --git a/security/commoncap.c b/security/commoncap.c
index f66713b..bdb8ec0 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -116,7 +116,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
* Determine whether the current process may set the system clock and timezone
* information, returning 0 if permission granted, -ve if denied.
*/
-int cap_settime(const struct timespec *ts, const struct timezone *tz)
+int cap_settime(const struct timespec64 *ts, const struct timezone *tz)
{
if (!capable(CAP_SYS_TIME))
return -EPERM;
diff --git a/security/security.c b/security/security.c
index e81d5bb..0be5032 100644
--- a/security/security.c
+++ b/security/security.c
@@ -224,7 +224,7 @@ int security_syslog(int type)
return security_ops->syslog(type);
}
-int security_settime(const struct timespec *ts, const struct timezone *tz)
+int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
{
return security_ops->settime(ts, tz);
}
--
1.7.9.5
On Mon, Jun 1, 2015 at 4:52 AM, Baolin Wang <[email protected]> wrote:
> For introducing the do_sys_settimeofday64() function with
> timespec64 type to make it ready for 2038 issue, it need to
> introduce the security_settime64() function with timespec64
> type firstly.
>
> Also introduce a default security_settime64() function with
> timespec64 type when it hasn't defined the CONFIG_SECURITY macro.
>
> Also this patch changes the "settime" pointer's argument with
> timespec64 type in security_operations structure for introducing
> the the security_settime64() function.
>
> Meanwhile moves the security_settime() defined in
> security/security.c file to include/linux/security.h file as a
> static function, that makes it convenient to delete the
> security_settime() later.
>
> And change the cap_settime() function's argument with timespec64
> type to make it ready for 2038 issue, which is only used by
> security_settime64()/security_settime() function.
>
> Signed-off-by: Baolin Wang <[email protected]>
> ---
> include/linux/security.h | 25 ++++++++++++++++++++-----
> security/commoncap.c | 2 +-
> security/security.c | 2 +-
> 3 files changed, 22 insertions(+), 7 deletions(-)
We certainly want this in, but this area has been rather radically
refactored recently. Can you rebase this patch against security-next?
Thanks!
-Kees
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index a1b7dbd..5288794 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -75,7 +75,7 @@ struct timezone;
> */
> extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
> int cap, int audit);
> -extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
> +extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
> extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
> extern int cap_ptrace_traceme(struct task_struct *parent);
> extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
> @@ -1353,7 +1353,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
> * Return 0 if permission is granted.
> * @settime:
> * Check permission to change the system time.
> - * struct timespec and timezone are defined in include/linux/time.h
> + * struct timespec64 is defined in include/linux/time64.h and timezone is
> + * defined in include/linux/time.h
> * @ts contains new time
> * @tz contains new timezone
> * Return 0 if permission is granted.
> @@ -1483,7 +1484,7 @@ struct security_operations {
> int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
> int (*quota_on) (struct dentry *dentry);
> int (*syslog) (int type);
> - int (*settime) (const struct timespec *ts, const struct timezone *tz);
> + int (*settime) (const struct timespec64 *ts, const struct timezone *tz);
> int (*vm_enough_memory) (struct mm_struct *mm, long pages);
>
> int (*bprm_set_creds) (struct linux_binprm *bprm);
> @@ -1790,7 +1791,13 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
> int security_quotactl(int cmds, int type, int id, struct super_block *sb);
> int security_quota_on(struct dentry *dentry);
> int security_syslog(int type);
> -int security_settime(const struct timespec *ts, const struct timezone *tz);
> +int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
> +static int security_settime(const struct timespec *ts, const struct timezone *tz)
> +{
> + struct timespec64 ts64 = timespec_to_timespec64(*ts);
> +
> + return security_settime64(&ts64, tz);
> +}
> int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
> int security_bprm_set_creds(struct linux_binprm *bprm);
> int security_bprm_check(struct linux_binprm *bprm);
> @@ -2040,10 +2047,18 @@ static inline int security_syslog(int type)
> return 0;
> }
>
> +static inline int security_settime64(const struct timespec64 *ts,
> + const struct timezone *tz)
> +{
> + return cap_settime(ts, tz);
> +}
> +
> static inline int security_settime(const struct timespec *ts,
> const struct timezone *tz)
> {
> - return cap_settime(ts, tz);
> + struct timsepc64 ts64 = timespec_to_timespec64(*ts);
> +
> + return cap_settime(&ts64, tz);
> }
>
> static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
> diff --git a/security/commoncap.c b/security/commoncap.c
> index f66713b..bdb8ec0 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -116,7 +116,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
> * Determine whether the current process may set the system clock and timezone
> * information, returning 0 if permission granted, -ve if denied.
> */
> -int cap_settime(const struct timespec *ts, const struct timezone *tz)
> +int cap_settime(const struct timespec64 *ts, const struct timezone *tz)
> {
> if (!capable(CAP_SYS_TIME))
> return -EPERM;
> diff --git a/security/security.c b/security/security.c
> index e81d5bb..0be5032 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -224,7 +224,7 @@ int security_syslog(int type)
> return security_ops->syslog(type);
> }
>
> -int security_settime(const struct timespec *ts, const struct timezone *tz)
> +int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
> {
> return security_ops->settime(ts, tz);
> }
> --
> 1.7.9.5
>
--
Kees Cook
Chrome OS Security
On Tue, Jun 9, 2015 at 8:14 PM, Baolin Wang <[email protected]> wrote:
> On 6 June 2015 at 12:27, Baolin Wang <[email protected]> wrote:
>> On 6 June 2015 at 04:04, Kees Cook <[email protected]> wrote:
>>> On Mon, Jun 1, 2015 at 4:52 AM, Baolin Wang <[email protected]>
>>> wrote:
>>> > include/linux/security.h | 25 ++++++++++++++++++++-----
>>> > security/commoncap.c | 2 +-
>>> > security/security.c | 2 +-
>>> > 3 files changed, 22 insertions(+), 7 deletions(-)
>>>
>>> We certainly want this in, but this area has been rather radically
>>> refactored recently. Can you rebase this patch against security-next?
>>>
>
> Hi Kees,
>
> I have rebased my patch series, but can not find your refactored code.
> Could you tell me the commit information? Thanks a lot!
It lives in security-next, but you could use linux-next too. This is
what I see on a trivial patch attempt:
checking file include/linux/security.h
Hunk #1 succeeded at 69 with fuzz 1 (offset -6 lines).
Hunk #2 FAILED at 1353.
Hunk #3 FAILED at 1483.
Hunk #4 succeeded at 206 (offset -1584 lines).
Hunk #5 succeeded at 463 (offset -1583 lines).
2 out of 5 hunks FAILED
(Stripping trailing CRs from patch; use --binary to disable.)
checking file security/commoncap.c
Hunk #1 succeeded at 111 (offset -5 lines).
(Stripping trailing CRs from patch; use --binary to disable.)
checking file security/security.c
Hunk #1 succeeded at 213 with fuzz 2 (offset -11 lines).
See http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/
or maybe I misunderstood your question?
Thanks!
-Kees
--
Kees Cook
Chrome OS Security