linux/security
Matthew Garrett d906c10d8a IMA: Support using new creds in appraisal policy
The existing BPRM_CHECK functionality in IMA validates against the
credentials of the existing process, not any new credentials that the
child process may transition to. Add an additional CREDS_CHECK target
and refactor IMA to pass the appropriate creds structure. In
ima_bprm_check(), check with both the existing process credentials and
the credentials that will be committed when the new process is started.
This will not change behaviour unless the system policy is extended to
include CREDS_CHECK targets - BPRM_CHECK will continue to check the same
credentials that it did previously.

After this patch, an IMA policy rule along the lines of:

measure func=CREDS_CHECK subj_type=unconfined_t

will trigger if a process is executed and runs as unconfined_t, ignoring
the context of the parent process. This is in contrast to:

measure func=BPRM_CHECK subj_type=unconfined_t

which will trigger if the process that calls exec() is already executing
in unconfined_t, ignoring the context that the child process executes
into.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

Changelog:
- initialize ima_creds_status
2018-03-23 06:31:11 -04:00
..
apparmor usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill 2018-03-07 09:05:53 +11:00
integrity IMA: Support using new creds in appraisal policy 2018-03-23 06:31:11 -04:00
keys KEYS: Use individual pages in big_key for crypto buffers 2018-02-22 14:58:38 +00:00
loadpin security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
selinux security: Add a cred_getsecid hook 2018-03-23 06:31:11 -04:00
smack security: Add a cred_getsecid hook 2018-03-23 06:31:11 -04:00
tomoyo vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
yama pids: introduce find_get_task_by_vpid() helper 2018-02-06 18:32:46 -08:00
commoncap.c capabilities: fix buffer overread on very short xattr 2018-01-02 20:49:13 +11:00
device_cgroup.c device_cgroup: prepare code for bpf-based device controller 2017-11-05 23:26:51 +09:00
inode.c securityfs: add the ability to support symlinks 2017-06-08 12:51:43 -07:00
Kconfig Currently, hardened usercopy performs dynamic bounds checking on slab 2018-02-03 16:25:42 -08:00
lsm_audit.c lsm_audit: update my email address 2017-08-17 15:33:39 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c security: Add a cred_getsecid hook 2018-03-23 06:31:11 -04:00