Lines Matching +full:subset +full:- +full:of
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Task credentials management - see Documentation/security/credentials.rst
25 printk("[%-5.5s%5u] " FMT "\n", \
26 current->comm, current->pid, ##__VA_ARGS__)
31 no_printk("[%-5.5s%5u] " FMT "\n", \
32 current->comm, current->pid, ##__VA_ARGS__); \
38 /* init to 2 - one for init_task, one to ensure it is never freed */
66 * The RCU callback to actually dispose of a set of credentials
74 if (atomic_long_read(&cred->usage) != 0) in put_cred_rcu()
76 cred, atomic_long_read(&cred->usage)); in put_cred_rcu()
79 key_put(cred->session_keyring); in put_cred_rcu()
80 key_put(cred->process_keyring); in put_cred_rcu()
81 key_put(cred->thread_keyring); in put_cred_rcu()
82 key_put(cred->request_key_auth); in put_cred_rcu()
83 if (cred->group_info) in put_cred_rcu()
84 put_group_info(cred->group_info); in put_cred_rcu()
85 free_uid(cred->user); in put_cred_rcu()
86 if (cred->ucounts) in put_cred_rcu()
87 put_ucounts(cred->ucounts); in put_cred_rcu()
88 put_user_ns(cred->user_ns); in put_cred_rcu()
93 * __put_cred - Destroy a set of credentials
96 * Destroy a set of credentials on which no references remain.
101 atomic_long_read(&cred->usage)); in __put_cred()
103 BUG_ON(atomic_long_read(&cred->usage) != 0); in __put_cred()
104 BUG_ON(cred == current->cred); in __put_cred()
105 BUG_ON(cred == current->real_cred); in __put_cred()
107 if (cred->non_rcu) in __put_cred()
108 put_cred_rcu(&cred->rcu); in __put_cred()
110 call_rcu(&cred->rcu, put_cred_rcu); in __put_cred()
121 kdebug("exit_creds(%u,%p,%p,{%ld})", tsk->pid, tsk->real_cred, tsk->cred, in exit_creds()
122 atomic_long_read(&tsk->cred->usage)); in exit_creds()
124 real_cred = (struct cred *) tsk->real_cred; in exit_creds()
125 tsk->real_cred = NULL; in exit_creds()
127 cred = (struct cred *) tsk->cred; in exit_creds()
128 tsk->cred = NULL; in exit_creds()
138 key_put(tsk->cached_requested_key); in exit_creds()
139 tsk->cached_requested_key = NULL; in exit_creds()
144 * get_task_cred - Get another task's objective credentials
147 * Get the objective credentials of a task, pinning them so that they can't go
171 * later date without risk of ENOMEM.
181 atomic_long_set(&new->usage, 1); in cred_alloc_blank()
193 * prepare_creds - Prepare a new set of credentials for modification
195 * Prepare a new set of task credentials for modification. A task's creds
200 * Preparation involves making a copy of the objective creds for modification.
202 * Returns a pointer to the new creds-to-be if successful, NULL otherwise.
218 old = task->cred; in prepare_creds()
221 new->non_rcu = 0; in prepare_creds()
222 atomic_long_set(&new->usage, 1); in prepare_creds()
223 get_group_info(new->group_info); in prepare_creds()
224 get_uid(new->user); in prepare_creds()
225 get_user_ns(new->user_ns); in prepare_creds()
228 key_get(new->session_keyring); in prepare_creds()
229 key_get(new->process_keyring); in prepare_creds()
230 key_get(new->thread_keyring); in prepare_creds()
231 key_get(new->request_key_auth); in prepare_creds()
235 new->security = NULL; in prepare_creds()
238 new->ucounts = get_ucounts(new->ucounts); in prepare_creds()
239 if (!new->ucounts) in prepare_creds()
255 * - The caller must hold ->cred_guard_mutex
267 key_put(new->thread_keyring); in prepare_exec_creds()
268 new->thread_keyring = NULL; in prepare_exec_creds()
271 key_put(new->process_keyring); in prepare_exec_creds()
272 new->process_keyring = NULL; in prepare_exec_creds()
275 new->suid = new->fsuid = new->euid; in prepare_exec_creds()
276 new->sgid = new->fsgid = new->egid; in prepare_exec_creds()
296 p->cached_requested_key = NULL; in copy_creds()
301 !p->cred->thread_keyring && in copy_creds()
305 p->real_cred = get_cred_many(p->cred, 2); in copy_creds()
307 p->cred, atomic_long_read(&p->cred->usage)); in copy_creds()
314 return -ENOMEM; in copy_creds()
328 if (new->thread_keyring) { in copy_creds()
329 key_put(new->thread_keyring); in copy_creds()
330 new->thread_keyring = NULL; in copy_creds()
336 * anything outside of those threads doesn't inherit. in copy_creds()
339 key_put(new->process_keyring); in copy_creds()
340 new->process_keyring = NULL; in copy_creds()
344 p->cred = p->real_cred = get_cred(new); in copy_creds()
353 static bool cred_cap_issubset(const struct cred *set, const struct cred *subset) in cred_cap_issubset() argument
355 const struct user_namespace *set_ns = set->user_ns; in cred_cap_issubset()
356 const struct user_namespace *subset_ns = subset->user_ns; in cred_cap_issubset()
359 * the capabilities of subset are a subset of set. in cred_cap_issubset()
362 return cap_issubset(subset->cap_permitted, set->cap_permitted); in cred_cap_issubset()
365 * therefore one is a subset of the other only if a set is an in cred_cap_issubset()
366 * ancestor of subset and set->euid is owner of subset or one in cred_cap_issubset()
367 * of subsets ancestors. in cred_cap_issubset()
369 for (;subset_ns != &init_user_ns; subset_ns = subset_ns->parent) { in cred_cap_issubset()
370 if ((set_ns == subset_ns->parent) && in cred_cap_issubset()
371 uid_eq(subset_ns->owner, set->euid)) in cred_cap_issubset()
379 * commit_creds - Install new credentials upon the current task
382 * Install a new set of credentials to the current task, using RCU to replace
389 * Always returns 0 thus allowing this function to be tail-called at the end
390 * of, say, sys_setgid().
395 const struct cred *old = task->real_cred; in commit_creds()
398 atomic_long_read(&new->usage)); in commit_creds()
400 BUG_ON(task->cred != old); in commit_creds()
401 BUG_ON(atomic_long_read(&new->usage) < 1); in commit_creds()
406 if (!uid_eq(old->euid, new->euid) || in commit_creds()
407 !gid_eq(old->egid, new->egid) || in commit_creds()
408 !uid_eq(old->fsuid, new->fsuid) || in commit_creds()
409 !gid_eq(old->fsgid, new->fsgid) || in commit_creds()
411 if (task->mm) in commit_creds()
412 set_dumpable(task->mm, suid_dumpable); in commit_creds()
413 task->pdeath_signal = 0; in commit_creds()
427 if (!uid_eq(new->fsuid, old->fsuid)) in commit_creds()
429 if (!gid_eq(new->fsgid, old->fsgid)) in commit_creds()
433 * RLIMIT_NPROC limits on user->processes have already been checked in commit_creds()
436 if (new->user != old->user || new->user_ns != old->user_ns) in commit_creds()
437 inc_rlimit_ucounts(new->ucounts, UCOUNT_RLIMIT_NPROC, 1); in commit_creds()
438 rcu_assign_pointer(task->real_cred, new); in commit_creds()
439 rcu_assign_pointer(task->cred, new); in commit_creds()
440 if (new->user != old->user || new->user_ns != old->user_ns) in commit_creds()
441 dec_rlimit_ucounts(old->ucounts, UCOUNT_RLIMIT_NPROC, 1); in commit_creds()
444 if (!uid_eq(new->uid, old->uid) || in commit_creds()
445 !uid_eq(new->euid, old->euid) || in commit_creds()
446 !uid_eq(new->suid, old->suid) || in commit_creds()
447 !uid_eq(new->fsuid, old->fsuid)) in commit_creds()
450 if (!gid_eq(new->gid, old->gid) || in commit_creds()
451 !gid_eq(new->egid, old->egid) || in commit_creds()
452 !gid_eq(new->sgid, old->sgid) || in commit_creds()
453 !gid_eq(new->fsgid, old->fsgid)) in commit_creds()
463 * abort_creds - Discard a set of credentials and unlock the current task
466 * Discard a set of credentials that were under construction and unlock the
472 atomic_long_read(&new->usage)); in abort_creds()
474 BUG_ON(atomic_long_read(&new->usage) < 1); in abort_creds()
480 * override_creds - Override the current process's subjective credentials
483 * Install a set of temporary override subjective credentials on the current
488 const struct cred *old = current->cred; in override_creds()
491 atomic_long_read(&new->usage)); in override_creds()
497 * we are only installing the cred into the thread-synchronous in override_creds()
498 * '->cred' pointer, not the '->real_cred' pointer that is in override_creds()
502 rcu_assign_pointer(current->cred, new); in override_creds()
505 atomic_long_read(&old->usage)); in override_creds()
511 * revert_creds - Revert a temporary subjective credentials override
514 * Revert a temporary set of override subjective credentials to an old set,
519 const struct cred *override = current->cred; in revert_creds()
522 atomic_long_read(&old->usage)); in revert_creds()
524 rcu_assign_pointer(current->cred, old); in revert_creds()
530 * cred_fscmp - Compare two credentials with respect to filesystem access.
537 * If the credentials are different, then either -1 or 1 will
539 * respectively in an arbitrary, but stable, ordering of credentials.
541 * Return: -1, 0, or 1 depending on comparison
550 if (uid_lt(a->fsuid, b->fsuid)) in cred_fscmp()
551 return -1; in cred_fscmp()
552 if (uid_gt(a->fsuid, b->fsuid)) in cred_fscmp()
555 if (gid_lt(a->fsgid, b->fsgid)) in cred_fscmp()
556 return -1; in cred_fscmp()
557 if (gid_gt(a->fsgid, b->fsgid)) in cred_fscmp()
560 ga = a->group_info; in cred_fscmp()
561 gb = b->group_info; in cred_fscmp()
565 return -1; in cred_fscmp()
568 if (ga->ngroups < gb->ngroups) in cred_fscmp()
569 return -1; in cred_fscmp()
570 if (ga->ngroups > gb->ngroups) in cred_fscmp()
573 for (g = 0; g < ga->ngroups; g++) { in cred_fscmp()
574 if (gid_lt(ga->gid[g], gb->gid[g])) in cred_fscmp()
575 return -1; in cred_fscmp()
576 if (gid_gt(ga->gid[g], gb->gid[g])) in cred_fscmp()
585 struct ucounts *new_ucounts, *old_ucounts = new->ucounts; in set_cred_ucounts()
591 if (old_ucounts->ns == new->user_ns && uid_eq(old_ucounts->uid, new->uid)) in set_cred_ucounts()
594 if (!(new_ucounts = alloc_ucounts(new->user_ns, new->uid))) in set_cred_ucounts()
595 return -EAGAIN; in set_cred_ucounts()
597 new->ucounts = new_ucounts; in set_cred_ucounts()
614 * prepare_kernel_cred - Prepare a set of credentials for a kernel service
617 * Prepare a set of credentials for a kernel service. This can then be used to
618 * override a task's own credentials so that work can be done on behalf of that
627 * Returns the new credentials or NULL if out of memory.
646 new->non_rcu = 0; in prepare_kernel_cred()
647 atomic_long_set(&new->usage, 1); in prepare_kernel_cred()
648 get_uid(new->user); in prepare_kernel_cred()
649 get_user_ns(new->user_ns); in prepare_kernel_cred()
650 get_group_info(new->group_info); in prepare_kernel_cred()
653 new->session_keyring = NULL; in prepare_kernel_cred()
654 new->process_keyring = NULL; in prepare_kernel_cred()
655 new->thread_keyring = NULL; in prepare_kernel_cred()
656 new->request_key_auth = NULL; in prepare_kernel_cred()
657 new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; in prepare_kernel_cred()
661 new->security = NULL; in prepare_kernel_cred()
663 new->ucounts = get_ucounts(new->ucounts); in prepare_kernel_cred()
664 if (!new->ucounts) in prepare_kernel_cred()
681 * set_security_override - Set the security ID in a set of credentials
685 * Set the LSM security ID in a set of credentials so that the subjective
686 * security is overridden when an alternative set of credentials is used.
695 * set_security_override_from_ctx - Set the security ID in a set of credentials
699 * Set the LSM security ID in a set of credentials so that the subjective
700 * security is overridden when an alternative set of credentials is used. The
718 * set_create_files_as - Set the LSM file create context in a set of credentials
722 * Change the LSM file creation context in a set of credentials to be the same
723 * as the object context of the specified inode, so that the new inodes have
728 if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid)) in set_create_files_as()
729 return -EINVAL; in set_create_files_as()
730 new->fsuid = inode->i_uid; in set_create_files_as()
731 new->fsgid = inode->i_gid; in set_create_files_as()