cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

cred.c (1075B)

      1// SPDX-License-Identifier: GPL-2.0-only
      2/*
      3 * Landlock LSM - Credential hooks
      4 *
      5 * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
      6 * Copyright © 2018-2020 ANSSI
      7 */
      8
      9#include <linux/cred.h>
     10#include <linux/lsm_hooks.h>
     11
     12#include "common.h"
     13#include "cred.h"
     14#include "ruleset.h"
     15#include "setup.h"
     16
     17static int hook_cred_prepare(struct cred *const new,
     18			     const struct cred *const old, const gfp_t gfp)
     19{
     20	struct landlock_ruleset *const old_dom = landlock_cred(old)->domain;
     21
     22	if (old_dom) {
     23		landlock_get_ruleset(old_dom);
     24		landlock_cred(new)->domain = old_dom;
     25	}
     26	return 0;
     27}
     28
     29static void hook_cred_free(struct cred *const cred)
     30{
     31	struct landlock_ruleset *const dom = landlock_cred(cred)->domain;
     32
     33	if (dom)
     34		landlock_put_ruleset_deferred(dom);
     35}
     36
     37static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = {
     38	LSM_HOOK_INIT(cred_prepare, hook_cred_prepare),
     39	LSM_HOOK_INIT(cred_free, hook_cred_free),
     40};
     41
     42__init void landlock_add_cred_hooks(void)
     43{
     44	security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
     45			   LANDLOCK_NAME);
     46}