Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

selinux: consolidate the ptrace parent lookup code

We lookup the tracing parent in two places, using effectively the
same code, let's consolidate it.

Signed-off-by: Paul Moore <paul@paul-moore.com>
Paul Moore 9 years ago
parent
4b57d6bcd9
commit
0c6181cb30
1 changed files with 17 additions and 21 deletions
Split View Show Diff Stats
  1. 17 21
      security/selinux/hooks.c

+ 17 - 21
security/selinux/hooks.c
View File 

@@ -2229,6 +2229,20 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
 
 
 /* binprm security operations */
 
 
+static u32 ptrace_parent_sid(struct task_struct *task)
 
+{
 
+	u32 sid = 0;
 
+	struct task_struct *tracer;
 
+
 
+	rcu_read_lock();
 
+	tracer = ptrace_parent(task);
 
+	if (tracer)
 
+		sid = task_sid(tracer);
 
+	rcu_read_unlock();
 
+
 
+	return sid;
 
+}
 
+
 
 static int check_nnp_nosuid(const struct linux_binprm *bprm,
 
 			    const struct task_security_struct *old_tsec,
 
 			    const struct task_security_struct *new_tsec)
 
@@ -2350,18 +2364,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 
 		 * changes its SID has the appropriate permit */
 
 		if (bprm->unsafe &
 
 		    (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
 
-			struct task_struct *tracer;
 
-			struct task_security_struct *sec;
 
-			u32 ptsid = 0;
 
-
 
-			rcu_read_lock();
 
-			tracer = ptrace_parent(current);
 
-			if (likely(tracer != NULL)) {
 
-				sec = __task_cred(tracer)->security;
 
-				ptsid = sec->sid;
 
-			}
 
-			rcu_read_unlock();
 
-
 
+			u32 ptsid = ptrace_parent_sid(current);
 
 			if (ptsid != 0) {
 
 				rc = avc_has_perm(ptsid, new_tsec->sid,
 
 						  SECCLASS_PROCESS,
 
@@ -5677,7 +5680,6 @@ static int selinux_setprocattr(struct task_struct *p,
 
 			       char *name, void *value, size_t size)
 
 {
 
 	struct task_security_struct *tsec;
 
-	struct task_struct *tracer;
 
 	struct cred *new;
 
 	u32 sid = 0, ptsid;
 
 	int error;
 
@@ -5784,14 +5786,8 @@ static int selinux_setprocattr(struct task_struct *p,
 
 
 		/* Check for ptracing, and update the task SID if ok.
 
 		   Otherwise, leave SID unchanged and fail. */
 
-		ptsid = 0;
 
-		rcu_read_lock();
 
-		tracer = ptrace_parent(p);
 
-		if (tracer)
 
-			ptsid = task_sid(tracer);
 
-		rcu_read_unlock();
 
-
 
-		if (tracer) {
 
+		ptsid = ptrace_parent_sid(p);
 
+		if (ptsid != 0) {
 
 			error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
 
 					     PROCESS__PTRACE, NULL);
 
 			if (error)