signals: cleanup security_task_kill() usage/implementation

author Oleg Nesterov <oleg@tv-sign.ru>

Wed, 30 Apr 2008 07:52:42 +0000 (00:52 -0700)

committer Linus Torvalds <torvalds@linux-foundation.org>

Wed, 30 Apr 2008 15:29:34 +0000 (08:29 -0700)
author Oleg Nesterov <oleg@tv-sign.ru>
Wed, 30 Apr 2008 07:52:42 +0000 (00:52 -0700)
committer Linus Torvalds <torvalds@linux-foundation.org>
Wed, 30 Apr 2008 15:29:34 +0000 (08:29 -0700)
diff --git a/kernel/signal.c b/kernel/signal.c

index f9a52c7212744f690053df2ca6d529b38a0cb03a..91d57f89f5a582f291adba3ff18a77992295b293 100644 (file)
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -533,22 +533,23 @@ static int rm_from_queue(unsigned long mask, struct sigpending *s)
  static int check_kill_permission(int sig, struct siginfo *info,
                                  struct task_struct *t)
  {
-       int error = -EINVAL;
+       int error;
+
         if (!valid_signal(sig))
-               return error;
+               return -EINVAL;
  
-       if (info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info))) {
-               error = audit_signal_info(sig, t); /* Let audit system see the signal */
-               if (error)
-                       return error;
-               error = -EPERM;
-               if (((sig != SIGCONT) ||
-                       (task_session_nr(current) != task_session_nr(t)))
-                   && (current->euid ^ t->suid) && (current->euid ^ t->uid)
-                   && (current->uid ^ t->suid) && (current->uid ^ t->uid)
-                   && !capable(CAP_KILL))
+       if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
+               return 0;
+
+       error = audit_signal_info(sig, t); /* Let audit system see the signal */
+       if (error)
                 return error;
-       }
+
+       if (((sig != SIGCONT) || (task_session_nr(current) != task_session_nr(t)))
+           && (current->euid ^ t->suid) && (current->euid ^ t->uid)
+           && (current->uid ^ t->suid) && (current->uid ^ t->uid)
+           && !capable(CAP_KILL))
+               return -EPERM;
  
         return security_task_kill(t, info, sig, 0);
  }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c

index 85a220465a8ffa4d9ccf7225c9f2fd537164afd7..1b50a6ebc55fca85edaa9b7ef6256f31cc07ad4d 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3286,9 +3286,6 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
         if (rc)
                 return rc;
  
-       if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
-               return 0;
-
         if (!sig)
                 perm = PROCESS__SIGNULL; /* null signal; existence test */
         else
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c

index fe0ae1bf165069bb8e0e9ea6b485a33558d5dfc7..b5c8f9237008618630d95cdf58ba945b06fe94d0 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1130,15 +1130,6 @@ static int smack_task_movememory(struct task_struct *p)
  static int smack_task_kill(struct task_struct *p, struct siginfo *info,
                            int sig, u32 secid)
  {
-       /*
-        * Special cases where signals really ought to go through
-        * in spite of policy. Stephen Smalley suggests it may
-        * make sense to change the caller so that it doesn't
-        * bother with the LSM hook in these cases.
-        */
-       if (info != SEND_SIG_NOINFO &&
-           (is_si_special(info) || SI_FROMKERNEL(info)))
-               return 0;
         /*
          * Sending a signal requires that the sender
          * can write the receiver.
author	Oleg Nesterov <oleg@tv-sign.ru>
	Wed, 30 Apr 2008 07:52:42 +0000 (00:52 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Wed, 30 Apr 2008 15:29:34 +0000 (08:29 -0700)
kernel/signal.c		patch \| blob \| blame \| history
security/selinux/hooks.c		patch \| blob \| blame \| history
security/smack/smack_lsm.c		patch \| blob \| blame \| history