Linux Kernel  3.7.1
cred.c File Reference
#include <linux/export.h>
#include <linux/cred.h>
#include <linux/slab.h>
#include <linux/sched.h>
#include <linux/key.h>
#include <linux/keyctl.h>
#include <linux/init_task.h>
#include <linux/security.h>
#include <linux/binfmts.h>
#include <linux/cn_proc.h>


Macros

#define kdebug(FMT,...)   no_printk("[%-5.5s%5u] "FMT"\n", current->comm, current->pid ,##__VA_ARGS__)
 

Functions

void __put_cred (struct cred *cred)
 
 EXPORT_SYMBOL (__put_cred)
 
void exit_creds (struct task_struct *tsk)
 
struct cred* get_task_cred (struct task_struct *task)
 
struct cred* cred_alloc_blank (void)
 
struct cred* prepare_creds (void)
 
 EXPORT_SYMBOL (prepare_creds)
 
struct cred* prepare_exec_creds (void)
 
int copy_creds (struct task_struct *p, unsigned long clone_flags)
 
int commit_creds (struct cred *new)
 
 EXPORT_SYMBOL (commit_creds)
 
void abort_creds (struct cred *new)
 
 EXPORT_SYMBOL (abort_creds)
 
struct cred* override_creds (const struct cred *new)
 
 EXPORT_SYMBOL (override_creds)
 
void revert_creds (const struct cred *old)
 
 EXPORT_SYMBOL (revert_creds)
 
void __init cred_init (void)
 
struct cred* prepare_kernel_cred (struct task_struct *daemon)
 
 EXPORT_SYMBOL (prepare_kernel_cred)
 
int set_security_override (struct cred *new, u32 secid)
 
 EXPORT_SYMBOL (set_security_override)
 
int set_security_override_from_ctx (struct cred *new, const char *secctx)
 
 EXPORT_SYMBOL (set_security_override_from_ctx)
 
int set_create_files_as (struct cred *new, struct inode *inode)
 
 EXPORT_SYMBOL (set_create_files_as)
 

Variables

struct cred init_cred
 

Macro Definition Documentation

#define kdebug( FMT, ... )    no_printk("[%-5.5s%5u] "FMT"\n", current->comm, current->pid ,##__VA_ARGS__)

Definition at line 26 of file cred.c.

Function Documentation

void __put_cred ( struct cred * cred)

__put_cred - Destroy a set of credentials. @cred: The record to release

Destroy a set of credentials on which no references remain.

Definition at line 169 of file cred.c.

void abort_creds ( struct cred * new)

abort_creds - Discard a set of credentials and unlock the current task. @new: The credentials that were going to be applied

Discard a set of credentials that were under construction and unlock the current task.

Definition at line 549 of file cred.c.

int commit_creds ( struct cred * new)

commit_creds - Install new credentials upon the current task. @new: The credentials to be assigned

Install a new set of credentials to the current task, using RCU to replace the old set. Both the objective and the subjective credentials pointers are updated. This function may not be called if the subjective credentials are in an overridden state.

This function eats the caller's reference to the new credentials.

Always returns 0 thus allowing this function to be tail-called at the end of, say, sys_setgid().

Definition at line 472 of file cred.c.

int copy_creds ( struct task_struct * p,
unsigned long  clone_flags 
)

Definition at line 384 of file cred.c.

struct cred* cred_alloc_blank ( void  )

Definition at line 241 of file cred.c.

void __init cred_init ( void  )

Definition at line 619 of file cred.c.

void exit_creds ( struct task_struct * tsk)

Definition at line 191 of file cred.c.

EXPORT_SYMBOL ( __put_cred  )
EXPORT_SYMBOL ( prepare_creds  )
EXPORT_SYMBOL ( commit_creds  )
EXPORT_SYMBOL ( abort_creds  )
EXPORT_SYMBOL ( override_creds  )
EXPORT_SYMBOL ( revert_creds  )
EXPORT_SYMBOL ( prepare_kernel_cred  )
EXPORT_SYMBOL ( set_security_override  )
EXPORT_SYMBOL ( set_security_override_from_ctx  )
EXPORT_SYMBOL ( set_create_files_as  )
struct cred* get_task_cred ( struct task_struct * task)

get_task_cred - Get another task's objective credentials. @task: The task to query

Get the objective credentials of a task, pinning them so that they can't go away. Accessing a task's credentials directly is not permitted.

The caller must also make sure task doesn't get deleted, either by holding a ref on task or by holding tasklist_lock to prevent it from being unlinked.

Definition at line 222 of file cred.c.

struct cred* override_creds ( const struct cred * new)

override_creds - Override the current process's subjective credentials. @new: The credentials to be assigned

Install a set of temporary override subjective credentials on the current process, returning the old set for later reversion.

Definition at line 570 of file cred.c.

struct cred* prepare_creds ( void  )

prepare_creds - Prepare a new set of credentials for modification

Prepare a new set of task credentials for modification. A task's creds shouldn't generally be modified directly, therefore this function is used to prepare a new copy, which the caller then modifies and then commits by calling commit_creds().

Preparation involves making a copy of the objective creds for modification.

Returns a pointer to the new creds-to-be if successful, NULL otherwise.

Call commit_creds() or abort_creds() to clean up.

Definition at line 287 of file cred.c.

struct cred* prepare_exec_creds ( void  )

Definition at line 335 of file cred.c.

struct cred* prepare_kernel_cred ( struct task_struct * daemon)

prepare_kernel_cred - Prepare a set of credentials for a kernel service. @daemon: A userspace daemon to be used as a reference

Prepare a set of credentials for a kernel service. This can then be used to override a task's own credentials so that work can be done on behalf of that task that requires a different subjective context.

@daemon is used to provide a base for the security record, but can be NULL. If @daemon is supplied, then the security data will be derived from that; otherwise they'll be set to 0 and no groups, full capabilities and no keys.

The caller may change these controls afterwards if desired.

Returns the new credentials or NULL if out of memory.

Does not take, and does not return holding current->cred_replace_mutex.

Definition at line 644 of file cred.c.

void revert_creds ( const struct cred * old)

revert_creds - Revert a temporary subjective credentials override. @old: The credentials to be restored

Revert a temporary set of override subjective credentials to an old set, discarding the override set.

Definition at line 599 of file cred.c.

int set_create_files_as ( struct cred * new,
struct inode * inode 
)

set_create_files_as - Set the LSM file create context in a set of credentials. @new: The credentials to alter. @inode: The inode to take the context from

Change the LSM file creation context in a set of credentials to be the same as the object context of the specified inode, so that the new inodes have the same MAC context as that inode.

Definition at line 754 of file cred.c.

int set_security_override ( struct cred * new,
u32  secid 
)

set_security_override - Set the security ID in a set of credentials. @new: The credentials to alter. @secid: The LSM security ID to set

Set the LSM security ID in a set of credentials so that the subjective security is overridden when an alternative set of credentials is used.

Definition at line 716 of file cred.c.

int set_security_override_from_ctx ( struct cred * new,
const char * secctx 
)

set_security_override_from_ctx - Set the security ID in a set of credentials. @new: The credentials to alter. @secctx: The LSM security context to generate the security ID from.

Set the LSM security ID in a set of credentials so that the subjective security is overridden when an alternative set of credentials is used. The security ID is specified in string form as a security context to be interpreted by the LSM.

Definition at line 732 of file cred.c.

Variable Documentation

struct cred init_cred
Initial value:
/*
 * Initial value of init_cred as rendered on this page. Every UID/GID field
 * listed is the global root ID, and the permitted, effective and bounding
 * capability sets are all full, so nothing in this initializer restricts
 * privilege. Any path that hands these credentials, or a copy of them, to a
 * task deserves review for that reason.
 * NOTE(review): this is a documentation rendering; confirm the field list
 * against the definition at line 46 of cred.c before relying on it.
 */
= {
.usage = ATOMIC_INIT(4), /* atomic counter starts at 4; presumably the reference count, confirm the holders */
.suid = GLOBAL_ROOT_UID, /* saved UID: global root */
.sgid = GLOBAL_ROOT_GID, /* saved GID: global root */
.euid = GLOBAL_ROOT_UID, /* effective UID: global root */
.egid = GLOBAL_ROOT_GID, /* effective GID: global root */
.fsuid = GLOBAL_ROOT_UID, /* filesystem UID: global root */
.fsgid = GLOBAL_ROOT_GID, /* filesystem GID: global root */
.securebits = SECUREBITS_DEFAULT,
.cap_inheritable = CAP_EMPTY_SET, /* the only capability set left empty */
.cap_permitted = CAP_FULL_SET, /* every capability permitted */
.cap_effective = CAP_FULL_SET, /* every capability effective */
.cap_bset = CAP_FULL_SET, /* bounding set is full as well */
.user = INIT_USER,
.user_ns = &init_user_ns, /* points at the initial user namespace object */
.group_info = &init_groups, /* points at the initial group list object */
}

Definition at line 46 of file cred.c.