As discussed briefly on the list (lore link below), we are a little
sloppy when it comes to using task credentials, mixing both the
subjective and object credentials. This patch set attempts to fix
this by replacing security_task_getsecid() with two new hooks that
return either the subjective (_subj) or objective (_obj) credentials.
https://lore.kernel.org/linux-security-module/806848326.0ifERbkFSE@x2/T/
Casey and John, I made a quick pass through the Smack and AppArmor
code in an effort to try and do the right thing, but I will admit
that I haven't tested those changes, just the SELinux code. I
would really appreciate your help in reviewing those changes. If
you find it easier, feel free to wholesale replace my Smack/AppArmor
patch with one of your own.
---
Paul Moore (4):
lsm: separate security_task_getsecid() into subjective and objective variants
selinux: clarify task subjective and objective credentials
smack: differentiate between subjective and objective task credentials
apparmor: differentiate between subjective and objective task credentials
security/apparmor/domain.c | 2 +-
security/apparmor/include/cred.h | 19 +++++--
security/apparmor/include/task.h | 3 +-
security/apparmor/lsm.c | 23 ++++++---
security/apparmor/task.c | 23 +++++++--
security/selinux/hooks.c | 85 ++++++++++++++++++--------------
security/smack/smack.h | 18 ++++++-
security/smack/smack_lsm.c | 40 ++++++++++-----
8 files changed, 147 insertions(+), 66 deletions(-)
--
Signature