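Lines matching the query +full:subset +full:- +full:of (only the matching source lines are listed; each is prefixed with its line number in the original file and, where applicable, followed by the name of the enclosing function)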
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Task credentials management - see Documentation/security/credentials.rst
25 printk("[%-5.5s%5u] " FMT "\n", \
26 current->comm, current->pid, ##__VA_ARGS__)
31 no_printk("[%-5.5s%5u] " FMT "\n", \
32 current->comm, current->pid, ##__VA_ARGS__); \
38 /* init to 2 - one for init_task, one to ensure it is never freed */
72 atomic_set(&cred->subscribers, n); in set_cred_subscribers()
79 return atomic_read(&cred->subscribers); in read_cred_subscribers()
90 atomic_add(n, &cred->subscribers); in alter_cred_subscribers()
95 * The RCU callback to actually dispose of a set of credentials
104 if (cred->magic != CRED_MAGIC_DEAD || in put_cred_rcu()
105 atomic_read(&cred->usage) != 0 || in put_cred_rcu()
109 cred, cred->magic, cred->put_addr, in put_cred_rcu()
110 atomic_read(&cred->usage), in put_cred_rcu()
113 if (atomic_read(&cred->usage) != 0) in put_cred_rcu()
115 cred, atomic_read(&cred->usage)); in put_cred_rcu()
119 key_put(cred->session_keyring); in put_cred_rcu()
120 key_put(cred->process_keyring); in put_cred_rcu()
121 key_put(cred->thread_keyring); in put_cred_rcu()
122 key_put(cred->request_key_auth); in put_cred_rcu()
123 if (cred->group_info) in put_cred_rcu()
124 put_group_info(cred->group_info); in put_cred_rcu()
125 free_uid(cred->user); in put_cred_rcu()
126 if (cred->ucounts) in put_cred_rcu()
127 put_ucounts(cred->ucounts); in put_cred_rcu()
128 put_user_ns(cred->user_ns); in put_cred_rcu()
133 * __put_cred - Destroy a set of credentials
136 * Destroy a set of credentials on which no references remain.
141 atomic_read(&cred->usage), in __put_cred()
144 BUG_ON(atomic_read(&cred->usage) != 0); in __put_cred()
147 cred->magic = CRED_MAGIC_DEAD; in __put_cred()
148 cred->put_addr = __builtin_return_address(0); in __put_cred()
150 BUG_ON(cred == current->cred); in __put_cred()
151 BUG_ON(cred == current->real_cred); in __put_cred()
153 if (cred->non_rcu) in __put_cred()
154 put_cred_rcu(&cred->rcu); in __put_cred()
156 call_rcu(&cred->rcu, put_cred_rcu); in __put_cred()
167 kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->cred, in exit_creds()
168 atomic_read(&tsk->cred->usage), in exit_creds()
169 read_cred_subscribers(tsk->cred)); in exit_creds()
171 cred = (struct cred *) tsk->real_cred; in exit_creds()
172 tsk->real_cred = NULL; in exit_creds()
174 alter_cred_subscribers(cred, -1); in exit_creds()
177 cred = (struct cred *) tsk->cred; in exit_creds()
178 tsk->cred = NULL; in exit_creds()
180 alter_cred_subscribers(cred, -1); in exit_creds()
184 key_put(tsk->cached_requested_key); in exit_creds()
185 tsk->cached_requested_key = NULL; in exit_creds()
190 * get_task_cred - Get another task's objective credentials
193 * Get the objective credentials of a task, pinning them so that they can't go
217 * later date without risk of ENOMEM.
227 atomic_set(&new->usage, 1); in cred_alloc_blank()
229 new->magic = CRED_MAGIC; in cred_alloc_blank()
242 * prepare_creds - Prepare a new set of credentials for modification
244 * Prepare a new set of task credentials for modification. A task's creds
249 * Preparation involves making a copy of the objective creds for modification.
251 * Returns a pointer to the new creds-to-be if successful, NULL otherwise.
269 old = task->cred; in prepare_creds()
272 new->non_rcu = 0; in prepare_creds()
273 atomic_set(&new->usage, 1); in prepare_creds()
275 get_group_info(new->group_info); in prepare_creds()
276 get_uid(new->user); in prepare_creds()
277 get_user_ns(new->user_ns); in prepare_creds()
280 key_get(new->session_keyring); in prepare_creds()
281 key_get(new->process_keyring); in prepare_creds()
282 key_get(new->thread_keyring); in prepare_creds()
283 key_get(new->request_key_auth); in prepare_creds()
287 new->security = NULL; in prepare_creds()
290 new->ucounts = get_ucounts(new->ucounts); in prepare_creds()
291 if (!new->ucounts) in prepare_creds()
308 * - The caller must hold ->cred_guard_mutex
320 key_put(new->thread_keyring); in prepare_exec_creds()
321 new->thread_keyring = NULL; in prepare_exec_creds()
324 key_put(new->process_keyring); in prepare_exec_creds()
325 new->process_keyring = NULL; in prepare_exec_creds()
328 new->suid = new->fsuid = new->euid; in prepare_exec_creds()
329 new->sgid = new->fsgid = new->egid; in prepare_exec_creds()
349 p->cached_requested_key = NULL; in copy_creds()
354 !p->cred->thread_keyring && in copy_creds()
358 p->real_cred = get_cred(p->cred); in copy_creds()
359 get_cred(p->cred); in copy_creds()
360 alter_cred_subscribers(p->cred, 2); in copy_creds()
362 p->cred, atomic_read(&p->cred->usage), in copy_creds()
363 read_cred_subscribers(p->cred)); in copy_creds()
370 return -ENOMEM; in copy_creds()
384 if (new->thread_keyring) { in copy_creds()
385 key_put(new->thread_keyring); in copy_creds()
386 new->thread_keyring = NULL; in copy_creds()
392 * anything outside of those threads doesn't inherit. in copy_creds()
395 key_put(new->process_keyring); in copy_creds()
396 new->process_keyring = NULL; in copy_creds()
400 p->cred = p->real_cred = get_cred(new); in copy_creds()
411 static bool cred_cap_issubset(const struct cred *set, const struct cred *subset) in cred_cap_issubset() argument
413 const struct user_namespace *set_ns = set->user_ns; in cred_cap_issubset()
414 const struct user_namespace *subset_ns = subset->user_ns; in cred_cap_issubset()
417 * the capabilities of subset are a subset of set. in cred_cap_issubset()
420 return cap_issubset(subset->cap_permitted, set->cap_permitted); in cred_cap_issubset()
423 * therefore one is a subset of the other only if a set is an in cred_cap_issubset()
424 * ancestor of subset and set->euid is owner of subset or one in cred_cap_issubset()
425 * of subset's ancestors. in cred_cap_issubset()
427 for (;subset_ns != &init_user_ns; subset_ns = subset_ns->parent) { in cred_cap_issubset()
428 if ((set_ns == subset_ns->parent) && in cred_cap_issubset()
429 uid_eq(subset_ns->owner, set->euid)) in cred_cap_issubset()
437 * commit_creds - Install new credentials upon the current task
440 * Install a new set of credentials to the current task, using RCU to replace
447 * Always returns 0 thus allowing this function to be tail-called at the end
448 * of, say, sys_setgid().
453 const struct cred *old = task->real_cred; in commit_creds()
456 atomic_read(&new->usage), in commit_creds()
459 BUG_ON(task->cred != old); in commit_creds()
465 BUG_ON(atomic_read(&new->usage) < 1); in commit_creds()
470 if (!uid_eq(old->euid, new->euid) || in commit_creds()
471 !gid_eq(old->egid, new->egid) || in commit_creds()
472 !uid_eq(old->fsuid, new->fsuid) || in commit_creds()
473 !gid_eq(old->fsgid, new->fsgid) || in commit_creds()
475 if (task->mm) in commit_creds()
476 set_dumpable(task->mm, suid_dumpable); in commit_creds()
477 task->pdeath_signal = 0; in commit_creds()
491 if (!uid_eq(new->fsuid, old->fsuid)) in commit_creds()
493 if (!gid_eq(new->fsgid, old->fsgid)) in commit_creds()
497 * RLIMIT_NPROC limits on user->processes have already been checked in commit_creds()
501 if (new->user != old->user || new->user_ns != old->user_ns) in commit_creds()
502 inc_rlimit_ucounts(new->ucounts, UCOUNT_RLIMIT_NPROC, 1); in commit_creds()
503 rcu_assign_pointer(task->real_cred, new); in commit_creds()
504 rcu_assign_pointer(task->cred, new); in commit_creds()
505 if (new->user != old->user || new->user_ns != old->user_ns) in commit_creds()
506 dec_rlimit_ucounts(old->ucounts, UCOUNT_RLIMIT_NPROC, 1); in commit_creds()
507 alter_cred_subscribers(old, -2); in commit_creds()
510 if (!uid_eq(new->uid, old->uid) || in commit_creds()
511 !uid_eq(new->euid, old->euid) || in commit_creds()
512 !uid_eq(new->suid, old->suid) || in commit_creds()
513 !uid_eq(new->fsuid, old->fsuid)) in commit_creds()
516 if (!gid_eq(new->gid, old->gid) || in commit_creds()
517 !gid_eq(new->egid, old->egid) || in commit_creds()
518 !gid_eq(new->sgid, old->sgid) || in commit_creds()
519 !gid_eq(new->fsgid, old->fsgid)) in commit_creds()
530 * abort_creds - Discard a set of credentials and unlock the current task
533 * Discard a set of credentials that were under construction and unlock the
539 atomic_read(&new->usage), in abort_creds()
545 BUG_ON(atomic_read(&new->usage) < 1); in abort_creds()
551 * override_creds - Override the current process's subjective credentials
554 * Install a set of temporary override subjective credentials on the current
559 const struct cred *old = current->cred; in override_creds()
562 atomic_read(&new->usage), in override_creds()
572 * we are only installing the cred into the thread-synchronous in override_creds()
573 * '->cred' pointer, not the '->real_cred' pointer that is in override_creds()
581 rcu_assign_pointer(current->cred, new); in override_creds()
582 alter_cred_subscribers(old, -1); in override_creds()
585 atomic_read(&old->usage), in override_creds()
592 * revert_creds - Revert a temporary subjective credentials override
595 * Revert a temporary set of override subjective credentials to an old set,
600 const struct cred *override = current->cred; in revert_creds()
603 atomic_read(&old->usage), in revert_creds()
609 rcu_assign_pointer(current->cred, old); in revert_creds()
610 alter_cred_subscribers(override, -1); in revert_creds()
616 * cred_fscmp - Compare two credentials with respect to filesystem access.
623 * If the credentials are different, then either -1 or 1 will
625 * respectively in an arbitrary, but stable, ordering of credentials.
627 * Return: -1, 0, or 1 depending on comparison
636 if (uid_lt(a->fsuid, b->fsuid)) in cred_fscmp()
637 return -1; in cred_fscmp()
638 if (uid_gt(a->fsuid, b->fsuid)) in cred_fscmp()
641 if (gid_lt(a->fsgid, b->fsgid)) in cred_fscmp()
642 return -1; in cred_fscmp()
643 if (gid_gt(a->fsgid, b->fsgid)) in cred_fscmp()
646 ga = a->group_info; in cred_fscmp()
647 gb = b->group_info; in cred_fscmp()
651 return -1; in cred_fscmp()
654 if (ga->ngroups < gb->ngroups) in cred_fscmp()
655 return -1; in cred_fscmp()
656 if (ga->ngroups > gb->ngroups) in cred_fscmp()
659 for (g = 0; g < ga->ngroups; g++) { in cred_fscmp()
660 if (gid_lt(ga->gid[g], gb->gid[g])) in cred_fscmp()
661 return -1; in cred_fscmp()
662 if (gid_gt(ga->gid[g], gb->gid[g])) in cred_fscmp()
671 struct ucounts *new_ucounts, *old_ucounts = new->ucounts; in set_cred_ucounts()
677 if (old_ucounts->ns == new->user_ns && uid_eq(old_ucounts->uid, new->uid)) in set_cred_ucounts()
680 if (!(new_ucounts = alloc_ucounts(new->user_ns, new->uid))) in set_cred_ucounts()
681 return -EAGAIN; in set_cred_ucounts()
683 new->ucounts = new_ucounts; in set_cred_ucounts()
700 * prepare_kernel_cred - Prepare a set of credentials for a kernel service
703 * Prepare a set of credentials for a kernel service. This can then be used to
704 * override a task's own credentials so that work can be done on behalf of that
713 * Returns the new credentials or NULL if out of memory.
733 new->non_rcu = 0; in prepare_kernel_cred()
734 atomic_set(&new->usage, 1); in prepare_kernel_cred()
736 get_uid(new->user); in prepare_kernel_cred()
737 get_user_ns(new->user_ns); in prepare_kernel_cred()
738 get_group_info(new->group_info); in prepare_kernel_cred()
741 new->session_keyring = NULL; in prepare_kernel_cred()
742 new->process_keyring = NULL; in prepare_kernel_cred()
743 new->thread_keyring = NULL; in prepare_kernel_cred()
744 new->request_key_auth = NULL; in prepare_kernel_cred()
745 new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; in prepare_kernel_cred()
749 new->security = NULL; in prepare_kernel_cred()
751 new->ucounts = get_ucounts(new->ucounts); in prepare_kernel_cred()
752 if (!new->ucounts) in prepare_kernel_cred()
770 * set_security_override - Set the security ID in a set of credentials
774 * Set the LSM security ID in a set of credentials so that the subjective
775 * security is overridden when an alternative set of credentials is used.
784 * set_security_override_from_ctx - Set the security ID in a set of credentials
788 * Set the LSM security ID in a set of credentials so that the subjective
789 * security is overridden when an alternative set of credentials is used. The
807 * set_create_files_as - Set the LSM file create context in a set of credentials
811 * Change the LSM file creation context in a set of credentials to be the same
812 * as the object context of the specified inode, so that the new inodes have
817 if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid)) in set_create_files_as()
818 return -EINVAL; in set_create_files_as()
819 new->fsuid = inode->i_uid; in set_create_files_as()
820 new->fsgid = inode->i_gid; in set_create_files_as()
829 if (cred->magic != CRED_MAGIC) in creds_are_invalid()
844 cred == tsk->real_cred ? "[real]" : "", in dump_invalid_creds()
845 cred == tsk->cred ? "[eff]" : ""); in dump_invalid_creds()
846 pr_err("->magic=%x, put_addr=%p\n", in dump_invalid_creds()
847 cred->magic, cred->put_addr); in dump_invalid_creds()
848 pr_err("->usage=%d, subscr=%d\n", in dump_invalid_creds()
849 atomic_read(&cred->usage), in dump_invalid_creds()
851 pr_err("->*uid = { %d,%d,%d,%d }\n", in dump_invalid_creds()
852 from_kuid_munged(&init_user_ns, cred->uid), in dump_invalid_creds()
853 from_kuid_munged(&init_user_ns, cred->euid), in dump_invalid_creds()
854 from_kuid_munged(&init_user_ns, cred->suid), in dump_invalid_creds()
855 from_kuid_munged(&init_user_ns, cred->fsuid)); in dump_invalid_creds()
856 pr_err("->*gid = { %d,%d,%d,%d }\n", in dump_invalid_creds()
857 from_kgid_munged(&init_user_ns, cred->gid), in dump_invalid_creds()
858 from_kgid_munged(&init_user_ns, cred->egid), in dump_invalid_creds()
859 from_kgid_munged(&init_user_ns, cred->sgid), in dump_invalid_creds()
860 from_kgid_munged(&init_user_ns, cred->fsgid)); in dump_invalid_creds()
862 pr_err("->security is %p\n", cred->security); in dump_invalid_creds()
863 if ((unsigned long) cred->security >= PAGE_SIZE && in dump_invalid_creds()
864 (((unsigned long) cred->security & 0xffffff00) != in dump_invalid_creds()
866 pr_err("->security {%x, %x}\n", in dump_invalid_creds()
867 ((u32*)cred->security)[0], in dump_invalid_creds()
868 ((u32*)cred->security)[1]); in dump_invalid_creds()
873 * report use of invalid credentials
890 if (tsk->cred == tsk->real_cred) { in __validate_process_creds()
891 if (unlikely(read_cred_subscribers(tsk->cred) < 2 || in __validate_process_creds()
892 creds_are_invalid(tsk->cred))) in __validate_process_creds()
895 if (unlikely(read_cred_subscribers(tsk->real_cred) < 1 || in __validate_process_creds()
896 read_cred_subscribers(tsk->cred) < 1 || in __validate_process_creds()
897 creds_are_invalid(tsk->real_cred) || in __validate_process_creds()
898 creds_are_invalid(tsk->cred))) in __validate_process_creds()
907 dump_invalid_creds(tsk->real_cred, "Real", tsk); in __validate_process_creds()
908 if (tsk->cred != tsk->real_cred) in __validate_process_creds()
909 dump_invalid_creds(tsk->cred, "Effective", tsk); in __validate_process_creds()
922 tsk->real_cred, tsk->cred, in validate_creds_for_do_exit()
923 atomic_read(&tsk->cred->usage), in validate_creds_for_do_exit()
924 read_cred_subscribers(tsk->cred)); in validate_creds_for_do_exit()