>From 6bea9ec93a3596efb512292aee0ab88e219130cd Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> Date: Mon, 30 Sep 2013 20:07:24 +0900 Subject: [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook. Add a LSM hook which is called only when an execve operation failed after prepare_bprm_creds() succeeded. This hook is used by TOMOYO for synchronously cleaning up resources allocated during an execve operation. Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> --- fs/exec.c | 1 + include/linux/security.h | 11 +++++++++++ security/capability.c | 5 +++++ security/security.c | 5 +++++ 4 files changed, 22 insertions(+), 0 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 8875dd1..89f0479 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1172,6 +1172,7 @@ void free_bprm(struct linux_binprm *bprm) { free_arg_pages(bprm); if (bprm->cred) { + security_bprm_aborting_creds(bprm); mutex_unlock(¤t->signal->cred_guard_mutex); abort_creds(bprm->cred); } diff --git a/include/linux/security.h b/include/linux/security.h index 5623a7f..6c71236 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -236,6 +236,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * linux_binprm structure. This hook is a good place to perform state * changes on the process such as clearing out non-inheritable signal * state. This is called immediately after commit_creds(). + * @bprm_aborting_creds: + * This hook is called when an execve operation failed after + * prepare_bprm_creds() succeeded so that we can synchronously clean up + * resources used by an execve operation. + * @bprm points to the linux_binprm structure. * @bprm_secureexec: * Return a boolean value (0 or 1) indicating whether a "secure exec" * is required. The flag is passed in the auxiliary table @@ -1454,6 +1459,7 @@ struct security_operations { int (*bprm_secureexec) (struct linux_binprm *bprm); void (*bprm_committing_creds) (struct linux_binprm *bprm); void (*bprm_committed_creds) (struct linux_binprm *bprm); + void (*bprm_aborting_creds) (struct linux_binprm *bprm); int (*sb_alloc_security) (struct super_block *sb); void (*sb_free_security) (struct super_block *sb); @@ -1751,6 +1757,7 @@ int security_bprm_set_creds(struct linux_binprm *bprm); int security_bprm_check(struct linux_binprm *bprm); void security_bprm_committing_creds(struct linux_binprm *bprm); void security_bprm_committed_creds(struct linux_binprm *bprm); +void security_bprm_aborting_creds(struct linux_binprm *bprm); int security_bprm_secureexec(struct linux_binprm *bprm); int security_sb_alloc(struct super_block *sb); void security_sb_free(struct super_block *sb); @@ -1998,6 +2005,10 @@ static inline void security_bprm_committed_creds(struct linux_binprm *bprm) { } +static inline void security_bprm_aborting_creds(struct linux_binprm *bprm) +{ +} + static inline int security_bprm_secureexec(struct linux_binprm *bprm) { return cap_bprm_secureexec(bprm); diff --git a/security/capability.c b/security/capability.c index 8b4f24a..7dc95f7 100644 --- a/security/capability.c +++ b/security/capability.c @@ -40,6 +40,10 @@ static void cap_bprm_committed_creds(struct linux_binprm *bprm) { } +static void cap_bprm_aborting_creds(struct linux_binprm *bprm) +{ +} + static int cap_sb_alloc_security(struct super_block *sb) { return 0; @@ -937,6 +941,7 @@ void __init security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, bprm_set_creds); set_to_cap_if_null(ops, bprm_committing_creds); set_to_cap_if_null(ops, bprm_committed_creds); + set_to_cap_if_null(ops, bprm_aborting_creds); set_to_cap_if_null(ops, bprm_check_security); set_to_cap_if_null(ops, bprm_secureexec); set_to_cap_if_null(ops, sb_alloc_security); diff --git a/security/security.c b/security/security.c index 15b6928..fc05875 100644 --- a/security/security.c +++ b/security/security.c @@ -236,6 +236,11 @@ void security_bprm_committed_creds(struct linux_binprm *bprm) security_ops->bprm_committed_creds(bprm); } +void security_bprm_aborting_creds(struct linux_binprm *bprm) +{ + security_ops->bprm_aborting_creds(bprm); +} + int security_bprm_secureexec(struct linux_binprm *bprm) { return security_ops->bprm_secureexec(bprm); -- 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html