security/landlock/cred.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * Landlock LSM - Credential hooks
   4  *
   5  * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
   6  * Copyright © 2018-2020 ANSSI
   7  */
   8
   9 #include <linux/cred.h>
  10 #include <linux/lsm_hooks.h>
  11
  12 #include "common.h"
  13 #include "cred.h"
  14 #include "ruleset.h"
  15 #include "setup.h"
  16
  17 static void hook_cred_transfer(struct cred *const new,
  18                                const struct cred *const old)
  19 {
  20         struct landlock_ruleset *const old_dom = landlock_cred(old)->domain;
  21
  22         if (old_dom) {
  23                 landlock_get_ruleset(old_dom);
  24                 landlock_cred(new)->domain = old_dom;
  25         }
  26 }
  27
  28 static int hook_cred_prepare(struct cred *const new,
  29                              const struct cred *const old, const gfp_t gfp)
  30 {
  31         hook_cred_transfer(new, old);
  32         return 0;
  33 }
  34
  35 static void hook_cred_free(struct cred *const cred)
  36 {
  37         struct landlock_ruleset *const dom = landlock_cred(cred)->domain;
  38
  39         if (dom)
  40                 landlock_put_ruleset_deferred(dom);
  41 }
  42
  43 static struct security_hook_list landlock_hooks[] __ro_after_init = {
  44         LSM_HOOK_INIT(cred_prepare, hook_cred_prepare),
  45         LSM_HOOK_INIT(cred_transfer, hook_cred_transfer),
  46         LSM_HOOK_INIT(cred_free, hook_cred_free),
  47 };
  48
  49 __init void landlock_add_cred_hooks(void)
  50 {
  51         security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
  52                            &landlock_lsmid);
  53 }