security: create task_free security callback

The current LSM interface to cred_free is not sufficient for allowing
an LSM to track the life and death of a task. This patch adds the
task_free hook so that an LSM can clean up resources on task death.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/include/linux/security.h b/include/linux/security.h
index 83c18e8c846d399832c5ab3ab2e5500286b26186..8325eddd9ee4f649ea8904aebf171b99995b779e 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -651,6 +651,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *     manual page for definitions of the @clone_flags.
  *     @clone_flags contains the flags indicating what should be shared.
  *     Return 0 if permission is granted.
+ * @task_free:
+ *     @task task being freed
+ *     Handle release of task-related resources. (Note that this can be called
+ *     from interrupt context.)
  * @cred_alloc_blank:
  *     @cred points to the credentials.
  *     @gfp indicates the atomicity of any memory allocations.
@@ -1493,6 +1497,7 @@ struct security_operations {
        int (*dentry_open) (struct file *file, const struct cred *cred);
 
        int (*task_create) (unsigned long clone_flags);
+       void (*task_free) (struct task_struct *task);
        int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
        void (*cred_free) (struct cred *cred);
        int (*cred_prepare)(struct cred *new, const struct cred *old,
@@ -1752,6 +1757,7 @@ int security_file_send_sigiotask(struct task_struct *tsk,
 int security_file_receive(struct file *file);
 int security_dentry_open(struct file *file, const struct cred *cred);
 int security_task_create(unsigned long clone_flags);
+void security_task_free(struct task_struct *task);
 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
 void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
@@ -2245,6 +2251,9 @@ static inline int security_task_create(unsigned long clone_flags)
        return 0;
 }
 
+static inline void security_task_free(struct task_struct *task)
+{ }
+
 static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 {
        return 0;

diff --git a/kernel/fork.c b/kernel/fork.c
index 1b2ef3c23ae4a7999707f2f61a86f7a7080f457a..f0e7781ba9b4f9f7046a9ca608978166de4340c9 100644 (file)
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -192,6 +192,7 @@ void __put_task_struct(struct task_struct *tsk)
        WARN_ON(atomic_read(&tsk->usage));
        WARN_ON(tsk == current);
 
+       security_task_free(tsk);
        exit_creds(tsk);
        delayacct_tsk_free(tsk);
        put_signal_struct(tsk->signal);

diff --git a/security/capability.c b/security/capability.c
index 2f680eb02b59e3f08a437f97d963eac100b3b3ea..5bb21b1c448ce5e8e3ebfeb4b301209fab131ac0 100644 (file)
--- a/security/capability.c
+++ b/security/capability.c
@@ -358,6 +358,10 @@ static int cap_task_create(unsigned long clone_flags)
        return 0;
 }
 
+static void cap_task_free(struct task_struct *task)
+{
+}
+
 static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 {
        return 0;
@@ -954,6 +958,7 @@ void __init security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, file_receive);
        set_to_cap_if_null(ops, dentry_open);
        set_to_cap_if_null(ops, task_create);
+       set_to_cap_if_null(ops, task_free);
        set_to_cap_if_null(ops, cred_alloc_blank);
        set_to_cap_if_null(ops, cred_free);
        set_to_cap_if_null(ops, cred_prepare);

diff --git a/security/security.c b/security/security.c
index d7542493454d457ac15118bbd3e126e8b104043f..7d9426bb744217bb309f245e3b3b4aa232e069b4 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -729,6 +729,11 @@ int security_task_create(unsigned long clone_flags)
        return security_ops->task_create(clone_flags);
 }
 
+void security_task_free(struct task_struct *task)
+{
+       security_ops->task_free(task);
+}
+
 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 {
        return security_ops->cred_alloc_blank(cred, gfp);