SELinux: Remove cred security blob poisoning
The SELinux-specific credential poisoning only makes sense if SELinux is managing the credentials. As the intent of this patch set is to move the blob management out of the modules and into the infrastructure, the SELinux-specific code has to go. The poisoning could be introduced into the infrastructure at some later date. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org>
Родитель
0c6cfa622c
Коммит
98c8865136
|
@ -760,19 +760,6 @@ bool creds_are_invalid(const struct cred *cred)
|
||||||
{
|
{
|
||||||
if (cred->magic != CRED_MAGIC)
|
if (cred->magic != CRED_MAGIC)
|
||||||
return true;
|
return true;
|
||||||
#ifdef CONFIG_SECURITY_SELINUX
|
|
||||||
/*
|
|
||||||
* cred->security == NULL if security_cred_alloc_blank() or
|
|
||||||
* security_prepare_creds() returned an error.
|
|
||||||
*/
|
|
||||||
if (selinux_is_enabled() && cred->security) {
|
|
||||||
if ((unsigned long) cred->security < PAGE_SIZE)
|
|
||||||
return true;
|
|
||||||
if ((*(u32 *)cred->security & 0xffffff00) ==
|
|
||||||
(POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(creds_are_invalid);
|
EXPORT_SYMBOL(creds_are_invalid);
|
||||||
|
|
|
@ -3708,12 +3708,6 @@ static void selinux_cred_free(struct cred *cred)
|
||||||
{
|
{
|
||||||
struct task_security_struct *tsec = selinux_cred(cred);
|
struct task_security_struct *tsec = selinux_cred(cred);
|
||||||
|
|
||||||
/*
|
|
||||||
* cred->security == NULL if security_cred_alloc_blank() or
|
|
||||||
* security_prepare_creds() returned an error.
|
|
||||||
*/
|
|
||||||
BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
|
|
||||||
cred->security = (void *) 0x7UL;
|
|
||||||
kfree(tsec);
|
kfree(tsec);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|