Commit 609fcd1b3a55f99667c61609895c83019b21baad
1 parent
2db8145293
Exists in
smarc-l5.0.0_1.0.0-ga
and in
5 other branches
userns: Convert tomoyo to use kuid and kgid where appropriate
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Showing 5 changed files with 31 additions and 23 deletions Side-by-side Diff
init/Kconfig
| ... | ... | @@ -962,9 +962,6 @@ |
| 962 | 962 | # The rare drivers that won't build |
| 963 | 963 | depends on ANDROID_BINDER_IPC = n |
| 964 | 964 | |
| 965 | - # Security modules | |
| 966 | - depends on SECURITY_TOMOYO = n | |
| 967 | - | |
| 968 | 965 | config UIDGID_STRICT_TYPE_CHECKS |
| 969 | 966 | bool "Require conversions between uid/gids and their internal representation" |
| 970 | 967 | depends on UIDGID_CONVERTED |
security/tomoyo/audit.c
| ... | ... | @@ -168,9 +168,14 @@ |
| 168 | 168 | stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, |
| 169 | 169 | tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid, |
| 170 | 170 | tomoyo_sys_getpid(), tomoyo_sys_getppid(), |
| 171 | - current_uid(), current_gid(), current_euid(), | |
| 172 | - current_egid(), current_suid(), current_sgid(), | |
| 173 | - current_fsuid(), current_fsgid()); | |
| 171 | + from_kuid(&init_user_ns, current_uid()), | |
| 172 | + from_kgid(&init_user_ns, current_gid()), | |
| 173 | + from_kuid(&init_user_ns, current_euid()), | |
| 174 | + from_kgid(&init_user_ns, current_egid()), | |
| 175 | + from_kuid(&init_user_ns, current_suid()), | |
| 176 | + from_kgid(&init_user_ns, current_sgid()), | |
| 177 | + from_kuid(&init_user_ns, current_fsuid()), | |
| 178 | + from_kgid(&init_user_ns, current_fsgid())); | |
| 174 | 179 | if (!obj) |
| 175 | 180 | goto no_obj_info; |
| 176 | 181 | if (!obj->validate_done) { |
| 177 | 182 | |
| ... | ... | @@ -191,15 +196,19 @@ |
| 191 | 196 | tomoyo_buffer_len - 1 - pos, |
| 192 | 197 | " path%u.parent={ uid=%u gid=%u " |
| 193 | 198 | "ino=%lu perm=0%o }", (i >> 1) + 1, |
| 194 | - stat->uid, stat->gid, (unsigned long) | |
| 195 | - stat->ino, stat->mode & S_IALLUGO); | |
| 199 | + from_kuid(&init_user_ns, stat->uid), | |
| 200 | + from_kgid(&init_user_ns, stat->gid), | |
| 201 | + (unsigned long)stat->ino, | |
| 202 | + stat->mode & S_IALLUGO); | |
| 196 | 203 | continue; |
| 197 | 204 | } |
| 198 | 205 | pos += snprintf(buffer + pos, tomoyo_buffer_len - 1 - pos, |
| 199 | 206 | " path%u={ uid=%u gid=%u ino=%lu major=%u" |
| 200 | 207 | " minor=%u perm=0%o type=%s", (i >> 1) + 1, |
| 201 | - stat->uid, stat->gid, (unsigned long) | |
| 202 | - stat->ino, MAJOR(dev), MINOR(dev), | |
| 208 | + from_kuid(&init_user_ns, stat->uid), | |
| 209 | + from_kgid(&init_user_ns, stat->gid), | |
| 210 | + (unsigned long)stat->ino, | |
| 211 | + MAJOR(dev), MINOR(dev), | |
| 203 | 212 | mode & S_IALLUGO, tomoyo_filetype(mode)); |
| 204 | 213 | if (S_ISCHR(mode) || S_ISBLK(mode)) { |
| 205 | 214 | dev = stat->rdev; |
security/tomoyo/common.c
| ... | ... | @@ -925,7 +925,9 @@ |
| 925 | 925 | |
| 926 | 926 | if (!tomoyo_policy_loaded) |
| 927 | 927 | return true; |
| 928 | - if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) | |
| 928 | + if (!tomoyo_manage_by_non_root && | |
| 929 | + (!uid_eq(task->cred->uid, GLOBAL_ROOT_UID) || | |
| 930 | + !uid_eq(task->cred->euid, GLOBAL_ROOT_UID))) | |
| 929 | 931 | return false; |
| 930 | 932 | exe = tomoyo_get_exe(); |
| 931 | 933 | if (!exe) |
security/tomoyo/common.h
security/tomoyo/condition.c
| ... | ... | @@ -813,28 +813,28 @@ |
| 813 | 813 | unsigned long value = 0; |
| 814 | 814 | switch (index) { |
| 815 | 815 | case TOMOYO_TASK_UID: |
| 816 | - value = current_uid(); | |
| 816 | + value = from_kuid(&init_user_ns, current_uid()); | |
| 817 | 817 | break; |
| 818 | 818 | case TOMOYO_TASK_EUID: |
| 819 | - value = current_euid(); | |
| 819 | + value = from_kuid(&init_user_ns, current_euid()); | |
| 820 | 820 | break; |
| 821 | 821 | case TOMOYO_TASK_SUID: |
| 822 | - value = current_suid(); | |
| 822 | + value = from_kuid(&init_user_ns, current_suid()); | |
| 823 | 823 | break; |
| 824 | 824 | case TOMOYO_TASK_FSUID: |
| 825 | - value = current_fsuid(); | |
| 825 | + value = from_kuid(&init_user_ns, current_fsuid()); | |
| 826 | 826 | break; |
| 827 | 827 | case TOMOYO_TASK_GID: |
| 828 | - value = current_gid(); | |
| 828 | + value = from_kgid(&init_user_ns, current_gid()); | |
| 829 | 829 | break; |
| 830 | 830 | case TOMOYO_TASK_EGID: |
| 831 | - value = current_egid(); | |
| 831 | + value = from_kgid(&init_user_ns, current_egid()); | |
| 832 | 832 | break; |
| 833 | 833 | case TOMOYO_TASK_SGID: |
| 834 | - value = current_sgid(); | |
| 834 | + value = from_kgid(&init_user_ns, current_sgid()); | |
| 835 | 835 | break; |
| 836 | 836 | case TOMOYO_TASK_FSGID: |
| 837 | - value = current_fsgid(); | |
| 837 | + value = from_kgid(&init_user_ns, current_fsgid()); | |
| 838 | 838 | break; |
| 839 | 839 | case TOMOYO_TASK_PID: |
| 840 | 840 | value = tomoyo_sys_getpid(); |
| 841 | 841 | |
| ... | ... | @@ -970,13 +970,13 @@ |
| 970 | 970 | case TOMOYO_PATH2_UID: |
| 971 | 971 | case TOMOYO_PATH1_PARENT_UID: |
| 972 | 972 | case TOMOYO_PATH2_PARENT_UID: |
| 973 | - value = stat->uid; | |
| 973 | + value = from_kuid(&init_user_ns, stat->uid); | |
| 974 | 974 | break; |
| 975 | 975 | case TOMOYO_PATH1_GID: |
| 976 | 976 | case TOMOYO_PATH2_GID: |
| 977 | 977 | case TOMOYO_PATH1_PARENT_GID: |
| 978 | 978 | case TOMOYO_PATH2_PARENT_GID: |
| 979 | - value = stat->gid; | |
| 979 | + value = from_kgid(&init_user_ns, stat->gid); | |
| 980 | 980 | break; |
| 981 | 981 | case TOMOYO_PATH1_INO: |
| 982 | 982 | case TOMOYO_PATH2_INO: |