• T
    selinux: Use task_alloc hook rather than task_create hook · a79be238
    Tetsuo Handa 提交于
    This patch is a preparation for getting rid of task_create hook because
    task_alloc hook which can do what task_create hook can do was revived.
    
    Creating a new thread is unlikely prohibited by security policy, for
    fork()/execve()/exit() is fundamental of how processes are managed in
    Unix. If a program is known to create a new thread, it is likely that
    permission to create a new thread is given to that program. Therefore,
    a situation where security_task_create() returns an error is likely that
    the program was exploited and lost control. Even if SELinux failed to
    check permission to create a thread at security_task_create(), SELinux
    can later check it at security_task_alloc(). Since the new thread is not
    yet visible from the rest of the system, nobody can do bad things using
    the new thread. What we waste will be limited to some initialization
    steps such as dup_task_struct(), copy_creds() and audit_alloc() in
    copy_process(). We can tolerate these overhead for unlikely situation.
    
    Therefore, this patch changes SELinux to use task_alloc hook rather than
    task_create hook so that we can remove task_create hook.
    Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Acked-by: NStephen Smalley <sds@tycho.nsa.gov>
    Signed-off-by: NPaul Moore <paul@paul-moore.com>
    a79be238
hooks.c 164.1 KB