Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932617AbYBVE5d (ORCPT ); Thu, 21 Feb 2008 23:57:33 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1755304AbYBVE5V (ORCPT ); Thu, 21 Feb 2008 23:57:21 -0500 Received: from web36607.mail.mud.yahoo.com ([209.191.85.24]:29580 "HELO web36607.mail.mud.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1753654AbYBVE5T (ORCPT ); Thu, 21 Feb 2008 23:57:19 -0500 X-YMail-OSG: 2SE5M30VM1mEO6WzAVPg6UR.k7Udml448esGxg2tC4QlA4L07DCeVFRAzptf41_SIvVBKEQNzw-- X-RocketYMMF: rancidfat Date: Thu, 21 Feb 2008 20:57:18 -0800 (PST) From: Casey Schaufler Reply-To: casey@schaufler-ca.com Subject: Re: [PATCH 07/37] Security: De-embed task security record from task and use refcounting To: David Howells , Trond.Myklebust@netapp.com, chuck.lever@oracle.com, casey@schaufler-ca.com Cc: nfsv4@linux-nfs.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, dhowells@redhat.com In-Reply-To: <20080220160635.4715.81967.stgit@warthog.procyon.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Message-ID: <847728.57737.qm@web36607.mail.mud.yahoo.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3795 Lines: 121 --- David Howells wrote: > Remove the temporarily embedded task security record from task_struct. > Instead > it is made to dangle from the task_struct::sec and task_struct::act_as > pointers > with references counted for each. > > ... > > The LSM hooks for dealing with task security are modified to deal with the > task > security struct directly rather than going via the task_struct as appopriate. > > ... > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index a49d94f..dbce607 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -957,9 +957,22 @@ static int smack_task_alloc_security(struct task_struct > *tsk) > * points to an immutable list. The blobs never go away. > * There is no leak here. > */ > -static void smack_task_free_security(struct task_struct *task) > +static void smack_task_free_security(struct task_security *sec) > { > - task->sec->security = NULL; > + sec->security = NULL; > +} > + > +/** > + * task_dup_security - Duplicate task security > + * @p points to the task_security struct that has been copied > + * > + * Duplicate the security structure currently attached to the p->security > field > + * and attach back to p->security (the pointer itself was copied, so there's > + * nothing to be done here). > + */ > +static int smack_task_dup_security(struct task_security *sec) > +{ > + return 0; > } Thank you for adding this hook. The comment is helpful. > /** > @@ -2276,17 +2289,17 @@ static int smack_inet_conn_request(struct sock *sk, > struct sk_buff *skb, > /** > * smack_key_alloc - Set the key security blob > * @key: object > - * @tsk: the task associated with the key > + * @context: the task security associated with the key > * @flags: unused > * > * No allocation required > * > * Returns 0 > */ > -static int smack_key_alloc(struct key *key, struct task_struct *tsk, > +static int smack_key_alloc(struct key *key, struct task_security *context, > unsigned long flags) > { > - key->security = tsk->act_as->security; > + key->security = context->security; > return 0; > } > > @@ -2304,14 +2317,14 @@ static void smack_key_free(struct key *key) > /* > * smack_key_permission - Smack access on a key > * @key_ref: gets to the object > - * @context: task involved > + * @context: task security involved > * @perm: unused > * > * Return 0 if the task has read and write to the object, > * an error code otherwise > */ > static int smack_key_permission(key_ref_t key_ref, > - struct task_struct *context, key_perm_t perm) > + struct task_security *context, key_perm_t perm) > { > struct key *keyp; > > @@ -2327,10 +2340,10 @@ static int smack_key_permission(key_ref_t key_ref, > /* > * This should not occur > */ > - if (context->act_as->security == NULL) > + if (context->security == NULL) > return -EACCES; > > - return smk_access(context->act_as->security, keyp->security, > + return smk_access(context->security, keyp->security, > MAY_READWRITE); > } > #endif /* CONFIG_KEYS */ > @@ -2430,6 +2443,7 @@ static struct security_operations smack_ops = { > > .task_alloc_security = smack_task_alloc_security, > .task_free_security = smack_task_free_security, > + .task_dup_security = smack_task_dup_security, > .task_post_setuid = cap_task_post_setuid, > .task_setpgid = smack_task_setpgid, > .task_getpgid = smack_task_getpgid, No objections from the Smack side. Thank you. Casey Schaufler casey@schaufler-ca.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/