diff options
| author | Paul Moore <paul@paul-moore.com> | 2021-09-29 11:01:21 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2021-11-22 17:52:47 -0500 |
| commit | 6326948f940dc3f77066d5cdc44ba6afe67830c0 (patch) | |
| tree | 13976c9bfaedfc1105ac27a1efaf9c752d3949ee /security/smack/smack.h | |
| parent | fa55b7dcdc43c1aa1ba12bca9d2dd4318c2a0dbf (diff) | |
| download | linux-6326948f940dc3f77066d5cdc44ba6afe67830c0.tar.gz | |
lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()
The security_task_getsecid_subj() LSM hook invites misuse by allowing callers to specify a task even though the hook is only safe when the current task is referenced. Fix this by removing the task_struct argument to the hook, requiring LSM implementations to use the current task. While we are changing the hook declaration we also rename the function to security_current_getsecid_subj() in an effort to reinforce that the hook captures the subjective credentials of the current task and not an arbitrary task on the system. Reviewed-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/smack/smack.h')
| -rw-r--r-- | security/smack/smack.h | 16 |
1 files changed, 0 insertions, 16 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index 99c3422596ab..fc837dcebf96 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -389,22 +389,6 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp) return tsp->smk_task; } -static inline struct smack_known *smk_of_task_struct_subj( - const struct task_struct *t) -{ - struct smack_known *skp; - const struct cred *cred; - - rcu_read_lock(); - - cred = rcu_dereference(t->cred); - skp = smk_of_task(smack_cred(cred)); - - rcu_read_unlock(); - - return skp; -} - static inline struct smack_known *smk_of_task_struct_obj( const struct task_struct *t) { |