aboutsummaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorStephen Smalley2017-01-09 10:07:31 -0500
committerPaul Moore2017-01-09 10:07:31 -0500
commitb21507e272627c434e8dd74e8d51fd8245281b59 (patch)
tree3c8453724f6429e2bae5cd3cc9266104c2e6feea /security/security.c
parentbe0554c9bf9f7cc96f5205df8f8bd3573b74320e (diff)
proc,security: move restriction on writing /proc/pid/attr nodes to proc
Processes can only alter their own security attributes via /proc/pid/attr nodes. This is presently enforced by each individual security module and is also imposed by the Linux credentials implementation, which only allows a task to alter its own credentials. Move the check enforcing this restriction from the individual security modules to proc_pid_attr_write() before calling the security hook, and drop the unnecessary task argument to the security hook since it can only ever be the current task. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c
index f825304f04a7..32052f5c76b2 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1170,9 +1170,9 @@ int security_getprocattr(struct task_struct *p, char *name, char **value)
return call_int_hook(getprocattr, -EINVAL, p, name, value);
}
-int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
+int security_setprocattr(const char *name, void *value, size_t size)
{
- return call_int_hook(setprocattr, -EINVAL, p, name, value, size);
+ return call_int_hook(setprocattr, -EINVAL, name, value, size);
}
int security_netlink_send(struct sock *sk, struct sk_buff *skb)