162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * Landlock LSM - Credential hooks 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net> 662306a36Sopenharmony_ci * Copyright © 2018-2020 ANSSI 762306a36Sopenharmony_ci */ 862306a36Sopenharmony_ci 962306a36Sopenharmony_ci#include <linux/cred.h> 1062306a36Sopenharmony_ci#include <linux/lsm_hooks.h> 1162306a36Sopenharmony_ci 1262306a36Sopenharmony_ci#include "common.h" 1362306a36Sopenharmony_ci#include "cred.h" 1462306a36Sopenharmony_ci#include "ruleset.h" 1562306a36Sopenharmony_ci#include "setup.h" 1662306a36Sopenharmony_ci 1762306a36Sopenharmony_cistatic int hook_cred_prepare(struct cred *const new, 1862306a36Sopenharmony_ci const struct cred *const old, const gfp_t gfp) 1962306a36Sopenharmony_ci{ 2062306a36Sopenharmony_ci struct landlock_ruleset *const old_dom = landlock_cred(old)->domain; 2162306a36Sopenharmony_ci 2262306a36Sopenharmony_ci if (old_dom) { 2362306a36Sopenharmony_ci landlock_get_ruleset(old_dom); 2462306a36Sopenharmony_ci landlock_cred(new)->domain = old_dom; 2562306a36Sopenharmony_ci } 2662306a36Sopenharmony_ci return 0; 2762306a36Sopenharmony_ci} 2862306a36Sopenharmony_ci 2962306a36Sopenharmony_cistatic void hook_cred_free(struct cred *const cred) 3062306a36Sopenharmony_ci{ 3162306a36Sopenharmony_ci struct landlock_ruleset *const dom = landlock_cred(cred)->domain; 3262306a36Sopenharmony_ci 3362306a36Sopenharmony_ci if (dom) 3462306a36Sopenharmony_ci landlock_put_ruleset_deferred(dom); 3562306a36Sopenharmony_ci} 3662306a36Sopenharmony_ci 3762306a36Sopenharmony_cistatic struct security_hook_list landlock_hooks[] __ro_after_init = { 3862306a36Sopenharmony_ci LSM_HOOK_INIT(cred_prepare, hook_cred_prepare), 3962306a36Sopenharmony_ci LSM_HOOK_INIT(cred_free, hook_cred_free), 4062306a36Sopenharmony_ci}; 4162306a36Sopenharmony_ci 4262306a36Sopenharmony_ci__init void landlock_add_cred_hooks(void) 4362306a36Sopenharmony_ci{ 4462306a36Sopenharmony_ci security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), 4562306a36Sopenharmony_ci LANDLOCK_NAME); 4662306a36Sopenharmony_ci} 47