1 | // SPDX-License-Identifier: GPL-2.0-only |
---|---|
2 | /* |
3 | * Landlock LSM - Credential hooks |
4 | * |
5 | * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net> |
6 | * Copyright © 2018-2020 ANSSI |
7 | */ |
8 | |
9 | #include <linux/cred.h> |
10 | #include <linux/lsm_hooks.h> |
11 | |
12 | #include "common.h" |
13 | #include "cred.h" |
14 | #include "ruleset.h" |
15 | #include "setup.h" |
16 | |
/*
 * cred_prepare hook: lets a new credential share the Landlock domain of the
 * credential it is derived from.
 *
 * When @old carries a domain, one extra reference is taken on it before the
 * pointer is stored in @new, so each credential owns a reference of its own
 * (hook_cred_free() hands it back through landlock_put_ruleset_deferred()).
 * When @old has no domain, @new is left untouched.
 *
 * NOTE(review): the no-domain path relies on @new's Landlock blob already
 * holding a NULL domain; that initialisation is not visible in this file -
 * confirm against the LSM blob allocation.
 *
 * @gfp is not used.  Always returns 0.
 */
static int hook_cred_prepare(struct cred *const new,
			     const struct cred *const old, const gfp_t gfp)
{
	struct landlock_ruleset *const inherited = landlock_cred(old)->domain;

	/* Nothing to inherit: the parent credential is not sandboxed. */
	if (!inherited)
		return 0;

	/* Take the reference first, then publish the pointer in @new. */
	landlock_get_ruleset(inherited);
	landlock_cred(new)->domain = inherited;
	return 0;
}
28 | |
/*
 * cred_free hook: gives up the reference this credential holds on its
 * Landlock domain, if it has one.
 *
 * NOTE(review): the _deferred put variant is used rather than a direct put,
 * presumably because this hook can run in a context where sleeping is not
 * allowed - confirm against ruleset.c before swapping it for another helper.
 */
static void hook_cred_free(struct cred *const cred)
{
	struct landlock_ruleset *const domain = landlock_cred(cred)->domain;

	/* Credentials without a domain hold no reference to release. */
	if (!domain)
		return;

	landlock_put_ruleset_deferred(domain);
}
36 | |
/*
 * Credential-related LSM hooks implemented by Landlock.
 *
 * The table is marked __ro_after_init: it is filled in at build time and is
 * not meant to be written once kernel initialisation is over.
 */
static struct security_hook_list landlock_hooks[] __ro_after_init = {
	/* Share the parent's domain with every newly prepared credential. */
	LSM_HOOK_INIT(cred_prepare, hook_cred_prepare),
	/* Release the domain reference when a credential is freed. */
	LSM_HOOK_INIT(cred_free, hook_cred_free),
};
41 | |
/*
 * Registers every entry of landlock_hooks with the LSM framework, identified
 * by landlock_lsmid.  Marked __init, so it is only meant to be called during
 * kernel initialisation.
 */
__init void landlock_add_cred_hooks(void)
{
	security_add_hooks(landlock_hooks,
			   ARRAY_SIZE(landlock_hooks),
			   &landlock_lsmid);
}
47 |