security/landlock/cred.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Landlock LSM - Credential hooks
0004  *
0005  * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
0006  * Copyright © 2018-2020 ANSSI
0007  */
0008
0009 #include <linux/cred.h>
0010 #include <linux/lsm_hooks.h>
0011
0012 #include "common.h"
0013 #include "cred.h"
0014 #include "ruleset.h"
0015 #include "setup.h"
0016
0017 static int hook_cred_prepare(struct cred *const new,
0018                  const struct cred *const old, const gfp_t gfp)
0019 {
0020     struct landlock_ruleset *const old_dom = landlock_cred(old)->domain;
0021
0022     if (old_dom) {
0023         landlock_get_ruleset(old_dom);
0024         landlock_cred(new)->domain = old_dom;
0025     }
0026     return 0;
0027 }
0028
0029 static void hook_cred_free(struct cred *const cred)
0030 {
0031     struct landlock_ruleset *const dom = landlock_cred(cred)->domain;
0032
0033     if (dom)
0034         landlock_put_ruleset_deferred(dom);
0035 }
0036
0037 static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = {
0038     LSM_HOOK_INIT(cred_prepare, hook_cred_prepare),
0039     LSM_HOOK_INIT(cred_free, hook_cred_free),
0040 };
0041
0042 __init void landlock_add_cred_hooks(void)
0043 {
0044     security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
0045                LANDLOCK_NAME);
0046 }