selinux: consolidate the ptrace parent lookup code
authorPaul Moore <paul@paul-moore.com>
Thu, 31 Mar 2016 01:41:21 +0000 (21:41 -0400)
committerPaul Moore <paul@paul-moore.com>
Tue, 5 Apr 2016 20:11:02 +0000 (16:11 -0400)
We look up the tracing parent in two places, using effectively the
same code; let's consolidate it.

Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c

index dd1fbea37b7841a2647f55e795dc6a9ef27e2a3e..5003b5aa3b43a325cad41d80f2f1cfb35f65412a 100644 (file)
@@ -2229,6 +2229,20 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
 
 /* binprm security operations */
 
+static u32 ptrace_parent_sid(struct task_struct *task)
+{
+       u32 sid = 0;
+       struct task_struct *tracer;
+
+       rcu_read_lock();
+       tracer = ptrace_parent(task);
+       if (tracer)
+               sid = task_sid(tracer);
+       rcu_read_unlock();
+
+       return sid;
+}
+
 static int check_nnp_nosuid(const struct linux_binprm *bprm,
                            const struct task_security_struct *old_tsec,
                            const struct task_security_struct *new_tsec)
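Review bot: ptrace_parent_sid() has no comment stating that a return value of 0 means "no tracer", yet both callers in this commit branch on exactly that sentinel. I would add `/* Return the SID of @task's ptrace parent, or SECSID_NULL (0) if @task is not being traced. */` above the function and initialise with `u32 sid = SECSID_NULL;` so the sentinel is named rather than a bare literal. The SID is a snapshot taken inside the rcu_read_lock() section; whether the tracer can change after the unlock is not visible here, so the comment should say the result is only a point-in-time value. The trailing context lines belong to check_nnp_nosuid, whose body lies outside the hunk.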
@@ -2350,18 +2364,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
                 * changes its SID has the appropriate permit */
                if (bprm->unsafe &
                    (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
-                       struct task_struct *tracer;
-                       struct task_security_struct *sec;
-                       u32 ptsid = 0;
-
-                       rcu_read_lock();
-                       tracer = ptrace_parent(current);
-                       if (likely(tracer != NULL)) {
-                               sec = __task_cred(tracer)->security;
-                               ptsid = sec->sid;
-                       }
-                       rcu_read_unlock();
-
+                       u32 ptsid = ptrace_parent_sid(current);
                        if (ptsid != 0) {
                                rc = avc_has_perm(ptsid, new_tsec->sid,
                                                  SECCLASS_PROCESS,
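Review bot: The new declaration `u32 ptsid = ptrace_parent_sid(current);` runs directly into `if (ptsid != 0) {`; kernel style puts a blank line after declarations, and the removed code had one there. The old block read the SID through `__task_cred(tracer)->security` while the helper goes through task_sid(); these look equivalent, but task_sid() is defined outside the hunk, so that is worth confirming before relying on it. The avc_has_perm() call continues past the end of the hunk.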
@@ -5677,7 +5680,6 @@ static int selinux_setprocattr(struct task_struct *p,
                               char *name, void *value, size_t size)
 {
        struct task_security_struct *tsec;
-       struct task_struct *tracer;
        struct cred *new;
        u32 sid = 0, ptsid;
        int error;
@@ -5784,14 +5786,8 @@ static int selinux_setprocattr(struct task_struct *p,
 
                /* Check for ptracing, and update the task SID if ok.
                   Otherwise, leave SID unchanged and fail. */
-               ptsid = 0;
-               rcu_read_lock();
-               tracer = ptrace_parent(p);
-               if (tracer)
-                       ptsid = task_sid(tracer);
-               rcu_read_unlock();
-
-               if (tracer) {
+               ptsid = ptrace_parent_sid(p);
+               if (ptsid != 0) {
                        error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
                                             PROCESS__PTRACE, NULL);
                        if (error)
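Review bot: The PROCESS__PTRACE check is now gated on `ptsid != 0`, where it used to be gated on `tracer` being non-NULL, so a tracer whose SID ever read as 0 would skip avc_has_perm() entirely rather than have the access evaluated. That is probably unreachable if task credentials always carry a non-zero SID, but the invariant is not visible in this hunk and the change makes the check fail open if it is ever violated. I would record the assumption at the test, for example `/* ptsid == 0 means "not traced"; relies on task SIDs never being SECSID_NULL */`, once that invariant is confirmed. The enclosing block and the rest of selinux_setprocattr lie outside the hunk.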