ich777/linux_media
1
0
Fork 0
mirror of https://github.com/tbsdtv/linux_media.git synced 2025-07-23 12:43:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

security: Add LSM hooks to set*gid syscalls

Browse Source 
The SafeSetID LSM uses the security_task_fix_setuid hook to filter
set*uid() syscalls according to its configured security policy. In
preparation for adding analagous support in the LSM for set*gid()
syscalls, we add the requisite hook here. Tested by putting print
statements in the security_task_fix_setgid hook and seeing them get hit
during kernel boot.

Signed-off-by: Thomas Cedeno <thomascedeno@google.com>
Signed-off-by: Micah Morton <mortonm@chromium.org>
This commit is contained in:
Thomas Cedeno
2020-06-09 10:22:13 -07:00
committed by Micah Morton
parent 3d77e6a880
commit 39030e1351
5 changed files with 40 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
include/linux/security.h
View File

@@ -389,6 +389,8 @@ int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
enum kernel_read_file_id id);
int security_task_fix_setuid(struct cred *new, const struct cred *old,
int flags);
int security_task_fix_setgid(struct cred *new, const struct cred *old,
int flags);
int security_task_setpgid(struct task_struct *p, pid_t pgid);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
@@ -1027,6 +1029,13 @@ static inline int security_task_fix_setuid(struct cred *new,
return cap_task_fix_setuid(new, old, flags);
}
static inline int security_task_fix_setgid(struct cred *new,
const struct cred *old,
int flags)
{
return 0;
}
static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
{
return 0;