Loading init/Kconfig +0 −3 Original line number Diff line number Diff line Loading @@ -962,9 +962,6 @@ config UIDGID_CONVERTED # The rare drivers that won't build depends on ANDROID_BINDER_IPC = n # Security modules depends on SECURITY_TOMOYO = n config UIDGID_STRICT_TYPE_CHECKS bool "Require conversions between uid/gids and their internal representation" depends on UIDGID_CONVERTED Loading security/tomoyo/audit.c +16 −7 Original line number Diff line number Diff line Loading @@ -168,9 +168,14 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r) stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid, tomoyo_sys_getpid(), tomoyo_sys_getppid(), current_uid(), current_gid(), current_euid(), current_egid(), current_suid(), current_sgid(), current_fsuid(), current_fsgid()); from_kuid(&init_user_ns, current_uid()), from_kgid(&init_user_ns, current_gid()), from_kuid(&init_user_ns, current_euid()), from_kgid(&init_user_ns, current_egid()), from_kuid(&init_user_ns, current_suid()), from_kgid(&init_user_ns, current_sgid()), from_kuid(&init_user_ns, current_fsuid()), from_kgid(&init_user_ns, current_fsgid())); if (!obj) goto no_obj_info; if (!obj->validate_done) { Loading 
@@ -191,15 +196,19 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r) tomoyo_buffer_len - 1 - pos, " path%u.parent={ uid=%u gid=%u " "ino=%lu perm=0%o }", (i >> 1) + 1, stat->uid, stat->gid, (unsigned long) stat->ino, stat->mode & S_IALLUGO); from_kuid(&init_user_ns, stat->uid), from_kgid(&init_user_ns, stat->gid), (unsigned long)stat->ino, stat->mode & S_IALLUGO); continue; } pos += snprintf(buffer + pos, tomoyo_buffer_len - 1 - pos, " path%u={ uid=%u gid=%u ino=%lu major=%u" " minor=%u perm=0%o type=%s", (i >> 1) + 1, stat->uid, stat->gid, (unsigned long) stat->ino, MAJOR(dev), MINOR(dev), from_kuid(&init_user_ns, stat->uid), from_kgid(&init_user_ns, stat->gid), (unsigned long)stat->ino, MAJOR(dev), MINOR(dev), mode & S_IALLUGO, tomoyo_filetype(mode)); if (S_ISCHR(mode) || S_ISBLK(mode)) { dev = stat->rdev; Loading security/tomoyo/common.c +3 −1 Original line number Diff line number Diff line Loading @@ -925,7 +925,9 @@ static bool tomoyo_manager(void) if (!tomoyo_policy_loaded) return true; if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) if (!tomoyo_manage_by_non_root && (!uid_eq(task->cred->uid, GLOBAL_ROOT_UID) || !uid_eq(task->cred->euid, GLOBAL_ROOT_UID))) return false; exe = tomoyo_get_exe(); if (!exe) Loading security/tomoyo/common.h +2 −2 Original line number Diff line number Diff line Loading @@ -561,8 +561,8 @@ struct tomoyo_address_group { /* Subset of "struct stat". Used by conditional ACL and audit logs. */ struct tomoyo_mini_stat { uid_t uid; gid_t gid; kuid_t uid; kgid_t gid; ino_t ino; umode_t mode; dev_t dev; Loading security/tomoyo/condition.c +10 −10 Original line number Diff line number Diff line Loading 
@@ -813,28 +813,28 @@ bool tomoyo_condition(struct tomoyo_request_info *r, unsigned long value = 0; switch (index) { case TOMOYO_TASK_UID: value = current_uid(); value = from_kuid(&init_user_ns, current_uid()); break; case TOMOYO_TASK_EUID: value = current_euid(); value = from_kuid(&init_user_ns, current_euid()); break; case TOMOYO_TASK_SUID: value = current_suid(); value = from_kuid(&init_user_ns, current_suid()); break; case TOMOYO_TASK_FSUID: value = current_fsuid(); value = from_kuid(&init_user_ns, current_fsuid()); break; case TOMOYO_TASK_GID: value = current_gid(); value = from_kgid(&init_user_ns, current_gid()); break; case TOMOYO_TASK_EGID: value = current_egid(); value = from_kgid(&init_user_ns, current_egid()); break; case TOMOYO_TASK_SGID: value = current_sgid(); value = from_kgid(&init_user_ns, current_sgid()); break; case TOMOYO_TASK_FSGID: value = current_fsgid(); value = from_kgid(&init_user_ns, current_fsgid()); break; case TOMOYO_TASK_PID: value = tomoyo_sys_getpid(); Loading Loading @@ -970,13 +970,13 @@ bool tomoyo_condition(struct tomoyo_request_info *r, case TOMOYO_PATH2_UID: case TOMOYO_PATH1_PARENT_UID: case TOMOYO_PATH2_PARENT_UID: value = stat->uid; value = from_kuid(&init_user_ns, stat->uid); break; case TOMOYO_PATH1_GID: case TOMOYO_PATH2_GID: case TOMOYO_PATH1_PARENT_GID: case TOMOYO_PATH2_PARENT_GID: value = stat->gid; value = from_kgid(&init_user_ns, stat->gid); break; case TOMOYO_PATH1_INO: case TOMOYO_PATH2_INO: Loading Loading
init/Kconfig +0 −3 @@ -962,9 +962,6 @@ config UIDGID_CONVERTED # The rare drivers that won't build depends on ANDROID_BINDER_IPC = n # Security modules depends on SECURITY_TOMOYO = n config UIDGID_STRICT_TYPE_CHECKS bool "Require conversions between uid/gids and their internal representation" depends on UIDGID_CONVERTED
security/tomoyo/audit.c +16 −7 @@ -168,9 +168,14 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r) stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid, tomoyo_sys_getpid(), tomoyo_sys_getppid(), current_uid(), current_gid(), current_euid(), current_egid(), current_suid(), current_sgid(), current_fsuid(), current_fsgid()); from_kuid(&init_user_ns, current_uid()), from_kgid(&init_user_ns, current_gid()), from_kuid(&init_user_ns, current_euid()), from_kgid(&init_user_ns, current_egid()), from_kuid(&init_user_ns, current_suid()), from_kgid(&init_user_ns, current_sgid()), from_kuid(&init_user_ns, current_fsuid()), from_kgid(&init_user_ns, current_fsgid())); if (!obj) goto no_obj_info; if (!obj->validate_done) { @@ -191,15 +196,19 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r) tomoyo_buffer_len - 1 - pos, " path%u.parent={ uid=%u gid=%u " "ino=%lu perm=0%o }", (i >> 1) + 1, stat->uid, stat->gid, (unsigned long) stat->ino, stat->mode & S_IALLUGO); from_kuid(&init_user_ns, stat->uid), from_kgid(&init_user_ns, stat->gid), (unsigned long)stat->ino, stat->mode & S_IALLUGO); continue; } pos += snprintf(buffer + pos, tomoyo_buffer_len - 1 - pos, " path%u={ uid=%u gid=%u ino=%lu major=%u" " minor=%u perm=0%o type=%s", (i >> 1) + 1, stat->uid, stat->gid, (unsigned long) stat->ino, MAJOR(dev), MINOR(dev), from_kuid(&init_user_ns, stat->uid), from_kgid(&init_user_ns, stat->gid), (unsigned long)stat->ino, MAJOR(dev), MINOR(dev), mode & S_IALLUGO, tomoyo_filetype(mode)); if (S_ISCHR(mode) || S_ISBLK(mode)) { dev = stat->rdev;
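Review bot: The ids written by tomoyo_print_header() are now converted with `from_kuid(&init_user_ns, ...)` and `from_kgid(&init_user_ns, ...)`, but nothing next to the snprintf() calls says that the audit record carries initial-namespace ids rather than the ids a task sees inside its own user namespace. Anyone correlating these records with output produced inside a container needs that fact, so I would add a comment above the first converted argument list, for example `/* uid/gid values are logged as seen from init_user_ns, not the task's own user namespace. */`. The same applies to the `path%u` and `path%u.parent` entries in the second hunk. The function starts and ends outside both hunks, so the placement may need adjusting to the surrounding code.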
security/tomoyo/common.c +3 −1 @@ -925,7 +925,9 @@ static bool tomoyo_manager(void) if (!tomoyo_policy_loaded) return true; if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) if (!tomoyo_manage_by_non_root && (!uid_eq(task->cred->uid, GLOBAL_ROOT_UID) || !uid_eq(task->cred->euid, GLOBAL_ROOT_UID))) return false; exe = tomoyo_get_exe(); if (!exe)
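Review bot: The rewritten test in tomoyo_manager() compares `task->cred->uid` and `task->cred->euid` against `GLOBAL_ROOT_UID`, so a task that is uid 0 only inside a child user namespace does not pass it. That is the security-relevant property of this condition and it is not documented. I would put a comment directly above the `if`, such as `/* Only global root qualifies here; uid 0 that exists only inside a child user namespace does not. */`. Separately, `task->cred` is dereferenced directly and the assignment of `task` is outside the hunk; if it is `current`, using `current_uid()` and `current_euid()` as audit.c and condition.c do would be more consistent.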
security/tomoyo/common.h +2 −2 @@ -561,8 +561,8 @@ struct tomoyo_address_group { /* Subset of "struct stat". Used by conditional ACL and audit logs. */ struct tomoyo_mini_stat { uid_t uid; gid_t gid; kuid_t uid; kgid_t gid; ino_t ino; umode_t mode; dev_t dev;
security/tomoyo/condition.c +10 −10 @@ -813,28 +813,28 @@ bool tomoyo_condition(struct tomoyo_request_info *r, unsigned long value = 0; switch (index) { case TOMOYO_TASK_UID: value = current_uid(); value = from_kuid(&init_user_ns, current_uid()); break; case TOMOYO_TASK_EUID: value = current_euid(); value = from_kuid(&init_user_ns, current_euid()); break; case TOMOYO_TASK_SUID: value = current_suid(); value = from_kuid(&init_user_ns, current_suid()); break; case TOMOYO_TASK_FSUID: value = current_fsuid(); value = from_kuid(&init_user_ns, current_fsuid()); break; case TOMOYO_TASK_GID: value = current_gid(); value = from_kgid(&init_user_ns, current_gid()); break; case TOMOYO_TASK_EGID: value = current_egid(); value = from_kgid(&init_user_ns, current_egid()); break; case TOMOYO_TASK_SGID: value = current_sgid(); value = from_kgid(&init_user_ns, current_sgid()); break; case TOMOYO_TASK_FSGID: value = current_fsgid(); value = from_kgid(&init_user_ns, current_fsgid()); break; case TOMOYO_TASK_PID: value = tomoyo_sys_getpid(); @@ -970,13 +970,13 @@ bool tomoyo_condition(struct tomoyo_request_info *r, case TOMOYO_PATH2_UID: case TOMOYO_PATH1_PARENT_UID: case TOMOYO_PATH2_PARENT_UID: value = stat->uid; value = from_kuid(&init_user_ns, stat->uid); break; case TOMOYO_PATH1_GID: case TOMOYO_PATH2_GID: case TOMOYO_PATH1_PARENT_GID: case TOMOYO_PATH2_PARENT_GID: value = stat->gid; value = from_kgid(&init_user_ns, stat->gid); break; case TOMOYO_PATH1_INO: case TOMOYO_PATH2_INO:
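Review bot: Every uid and gid case in tomoyo_condition() spells out `&init_user_ns` by hand, and audit.c repeats the same argument in each converted snprintf() parameter. Policy matching and audit logging need to stay in the same namespace, or a logged id will not correspond to the id a rule was matched against, so that choice belongs in one place. A pair of small inline helpers in common.h would do it, for example `static inline uid_t tomoyo_uid(kuid_t uid) { return from_kuid(&init_user_ns, uid); }` plus a matching gid helper; the names are only a suggestion. A case would then read `value = tomoyo_uid(current_euid());`. Both hunks cut through the switch, so the rest of the function is outside this view.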