diff options
author | David Howells <dhowells@redhat.com> | 2008-11-14 10:38:49 +1100 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-14 10:38:49 +1100 |
commit | 4eea03539d9a8e3f5056aed690efde1f75535e7b (patch) | |
tree | 1dd58dee9a286459c7a70b8f82edcb63d20b2c07 | |
parent | ec4c2aacd16672febca053109eb9ddf672108ca1 (diff) | |
download | kernel_samsung_smdk4412-4eea03539d9a8e3f5056aed690efde1f75535e7b.zip kernel_samsung_smdk4412-4eea03539d9a8e3f5056aed690efde1f75535e7b.tar.gz kernel_samsung_smdk4412-4eea03539d9a8e3f5056aed690efde1f75535e7b.tar.bz2 |
CRED: Wrap task credential accesses in the eCryptFS filesystem
Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.
Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().
Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Mike Halcrow <mhalcrow@us.ibm.com>
Cc: Phillip Hellewell <phillip@hellewell.homeip.net>
Cc: ecryptfs-devel@lists.sourceforge.net
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | fs/ecryptfs/messaging.c | 18 | ||||
-rw-r--r-- | fs/ecryptfs/miscdev.c | 20 |
2 files changed, 22 insertions, 16 deletions
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c index c698397..e0b0a4e 100644 --- a/fs/ecryptfs/messaging.c +++ b/fs/ecryptfs/messaging.c @@ -361,6 +361,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, size_t msg_size; struct nsproxy *nsproxy; struct user_namespace *current_user_ns; + uid_t ctx_euid; int rc; if (msg->index >= ecryptfs_message_buf_len) { @@ -385,8 +386,8 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, goto wake_up; } current_user_ns = nsproxy->user_ns; - rc = ecryptfs_find_daemon_by_euid(&daemon, msg_ctx->task->euid, - current_user_ns); + ctx_euid = task_euid(msg_ctx->task); + rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, current_user_ns); rcu_read_unlock(); mutex_unlock(&ecryptfs_daemon_hash_mux); if (rc) { @@ -394,14 +395,14 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, printk(KERN_WARNING "%s: User [%d] received a " "message response from process [0x%p] but does " "not have a registered daemon\n", __func__, - msg_ctx->task->euid, pid); + ctx_euid, pid); goto wake_up; } - if (msg_ctx->task->euid != euid) { + if (ctx_euid != euid) { rc = -EBADMSG; printk(KERN_WARNING "%s: Received message from user " "[%d]; expected message from user [%d]\n", __func__, - euid, msg_ctx->task->euid); + euid, ctx_euid); goto unlock; } if (current_user_ns != user_ns) { @@ -415,7 +416,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, rc = -EBADMSG; printk(KERN_ERR "%s: User [%d] sent a message response " "from an unrecognized process [0x%p]\n", - __func__, msg_ctx->task->euid, pid); + __func__, ctx_euid, pid); goto unlock; } if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { @@ -464,14 +465,15 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type, struct ecryptfs_msg_ctx **msg_ctx) { struct ecryptfs_daemon *daemon; + uid_t euid = current_euid(); int rc; - rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, + rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current->nsproxy->user_ns); if (rc || !daemon) { rc = -ENOTCONN; printk(KERN_ERR "%s: User [%d] does not have a daemon " - "registered\n", __func__, current->euid); + "registered\n", __func__, euid); goto out; } mutex_lock(&ecryptfs_msg_ctx_lists_mux); diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c index b484792..047ac60 100644 --- a/fs/ecryptfs/miscdev.c +++ b/fs/ecryptfs/miscdev.c @@ -42,11 +42,12 @@ ecryptfs_miscdev_poll(struct file *file, poll_table *pt) { struct ecryptfs_daemon *daemon; unsigned int mask = 0; + uid_t euid = current_euid(); int rc; mutex_lock(&ecryptfs_daemon_hash_mux); /* TODO: Just use file->private_data? */ - rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, + rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current->nsproxy->user_ns); BUG_ON(rc || !daemon); mutex_lock(&daemon->mux); @@ -83,6 +84,7 @@ static int ecryptfs_miscdev_open(struct inode *inode, struct file *file) { struct ecryptfs_daemon *daemon = NULL; + uid_t euid = current_euid(); int rc; mutex_lock(&ecryptfs_daemon_hash_mux); @@ -93,10 +95,10 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) "count; rc = [%d]\n", __func__, rc); goto out_unlock_daemon_list; } - rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, + rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current->nsproxy->user_ns); if (rc || !daemon) { - rc = ecryptfs_spawn_daemon(&daemon, current->euid, + rc = ecryptfs_spawn_daemon(&daemon, euid, current->nsproxy->user_ns, task_pid(current)); if (rc) { @@ -147,10 +149,11 @@ static int ecryptfs_miscdev_release(struct inode *inode, struct file *file) { struct ecryptfs_daemon *daemon = NULL; + uid_t euid = current_euid(); int rc; mutex_lock(&ecryptfs_daemon_hash_mux); - rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, + rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current->nsproxy->user_ns); BUG_ON(rc || !daemon); mutex_lock(&daemon->mux); @@ -246,11 +249,12 @@ ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, char packet_length[3]; size_t i; size_t total_length; + uid_t euid = current_euid(); int rc; mutex_lock(&ecryptfs_daemon_hash_mux); /* TODO: Just use file->private_data? */ - rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, + rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current->nsproxy->user_ns); BUG_ON(rc || !daemon); mutex_lock(&daemon->mux); @@ -290,7 +294,7 @@ check_list: * message from the queue; try again */ goto check_list; } - BUG_ON(current->euid != daemon->euid); + BUG_ON(euid != daemon->euid); BUG_ON(current->nsproxy->user_ns != daemon->user_ns); BUG_ON(task_pid(current) != daemon->pid); msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, @@ -414,6 +418,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, size_t packet_size, packet_size_length, i; ssize_t sz = 0; char *data; + uid_t euid = current_euid(); int rc; if (count == 0) @@ -463,8 +468,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, goto out_free; } rc = ecryptfs_miscdev_response(&data[i], packet_size, - current->euid, - current->nsproxy->user_ns, + euid, current->nsproxy->user_ns, task_pid(current), seq); if (rc) printk(KERN_WARNING "%s: Failed to deliver miscdev " |