Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/fs
History
Andy Lutomirski 14434eef82 Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 
With this change, calling
  prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)
disables privilege granting operations at execve-time.  For example, a
process will not be able to execute a setuid binary to change their uid
or gid if this bit is set.  The same is true for file capabilities.

Additionally, LSM_UNSAFE_NO_NEW_PRIVS is defined to ensure that
LSMs respect the requested behavior.

To determine if the NO_NEW_PRIVS bit is set, a task may call
  prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
It returns 1 if set and 0 if it is not set. If any of the arguments are
non-zero, it will return -1 and set errno to -EINVAL.
(PR_SET_NO_NEW_PRIVS behaves similarly.)

This functionality is desired for the proposed seccomp filter patch
series.  By using PR_SET_NO_NEW_PRIVS, it allows a task to modify the
system call behavior for itself and its child tasks without being
able to impact the behavior of a more privileged task.

Another potential use is making certain privileged operations
unprivileged.  For example, chroot may be considered "safe" if it cannot
affect privileged tasks.

Note, this patch causes execve to fail when PR_SET_NO_NEW_PRIVS is
set and AppArmor is in use.  It is fixed in a subsequent patch.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Eric Paris <eparis@redhat.com>

v18: updated change desc
v17: using new define values as per 3.4

Conflicts:
	include/linux/prctl.h
	kernel/sys.c
2014-10-31 19:46:07 -07:00
..
9p 9p changes for the 3.4 merge window 2012-03-28 09:58:38 -07:00
adfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
affs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
afs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
autofs4 autofs: make the autofsv5 packet file descriptor use a packetized pipe 2012-04-29 13:30:08 -07:00
befs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
bfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
btrfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2012-05-06 10:20:07 -07:00
cachefiles switch touch_atime to struct path 2012-03-20 21:29:41 -04:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2012-03-28 10:01:29 -07:00
cifs freezer: add unsafe versions of freezable helpers for CIFS 2013-07-12 14:22:55 -07:00
coda Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
configfs make configfs_pin_fs() return root dentry on success 2012-03-20 21:29:48 -04:00
cramfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
debugfs simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
devpts Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
dlm dlm fixes for 3.4 2012-04-23 18:22:42 -07:00
ecryptfs ecryptfs: make register_filesystem() the last potential failure exit 2012-03-20 21:29:49 -04:00
efs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
exofs Merge branch 'for-linus' of git://git.open-osd.org/linux-open-osd 2012-03-28 20:04:27 -07:00
exportfs
ext2 migrate ext2_fs.h guts to fs/ext2/ext2.h 2012-03-31 16:03:16 -04:00
ext3 ext3: move headers to fs/ext3/ 2012-03-31 16:03:16 -04:00
ext4 ext4: protect group inode free counting with group lock 2013-04-18 16:07:55 -07:00
fat fs: fat: rate limit the kernel messages 2013-02-20 02:49:28 -08:00
freevxfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
fscache
fuse mm: Use correct define for CMA features 2013-03-07 15:23:58 -08:00
gfs2 GFS2: Instruct DLM to avoid queue convert slowdown 2012-04-24 13:26:50 +01:00
hfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
hfsplus hfsplus: Fix potential buffer overflows 2012-05-04 17:11:24 -07:00
hostfs Merge branch 'for-linus-3.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml 2012-03-27 18:29:53 -07:00
hpfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
hppfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
hugetlbfs hugetlbfs: lockdep annotate root inode properly 2012-04-25 21:26:34 -07:00
isofs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
jbd Power management updates for 3.4 2012-03-21 10:15:51 -07:00
jbd2 jbd2: use GFP_NOFS for blkdev_issue_flush 2012-04-23 21:43:41 -04:00
jffs2 jffs2: Fix lock acquisition order bug in gc path 2012-05-07 20:30:14 +01:00
jfs jfs: mising cleanup on register_filesystem() failure 2012-03-20 21:29:48 -04:00
lockd lockd: fix the endianness bug 2012-04-13 13:50:52 -04:00
logfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
minix Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
ncpfs Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
nfs freezer: add unsafe versions of freezable helpers for NFS 2013-07-12 14:22:55 -07:00
nfs_common
nfsd nfsd: fix nfs4recover.c printk format warning 2012-04-30 12:28:48 -07:00
nilfs2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
nls
notify fs/notify/notification.c: make subsys_initcall function static 2012-03-23 16:58:31 -07:00
ntfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
ocfs2 ocfs2: ->e_leaf_clusters endianness breakage 2012-04-13 12:31:43 -04:00
omfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
openpromfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
proc mm: add a field to store names for private anonymous memory 2013-10-11 10:02:06 -07:00
pstore Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
qnx4 qnx4: new helper - try_extent() 2012-03-20 21:29:52 -04:00
qnx6 fs: initial qnx6fs addition 2012-03-20 21:29:38 -04:00
quota Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2012-03-28 10:00:14 -07:00
ramfs tidy up after d_make_root() conversion 2012-03-20 21:29:37 -04:00
reiserfs Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
romfs MTD merge for 3.4 2012-03-30 17:31:56 -07:00
squashfs Add an extra mount time sanity check, plus some code cleanups and bug fixes. 2012-03-28 18:05:54 -07:00
sysfs sysfs: handle 'parent deleted before child added' 2012-04-10 14:48:51 -07:00
sysv switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
ubifs ubifs: Fix compiler warning 2013-02-27 18:10:47 -08:00
udf Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2012-03-28 10:00:14 -07:00
ufs Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
xfs Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
yaffs2 fs: yaffs2: Add null pointer check before dereferencing inode 2013-02-27 18:19:17 -08:00
aio.c kill mm argument of vm_munmap() 2012-04-21 01:58:20 -04:00
anon_inodes.c anon_inodes: move allocation of anon_inode into ->mount() 2012-03-20 21:29:45 -04:00
attr.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
bad_inode.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
binfmt_aout.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_elf.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_elf_fdpic.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_em86.c __register_binfmt() made void 2012-03-20 21:29:46 -04:00
binfmt_flat.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_misc.c magic.h: move some FS magic numbers into magic.h 2012-03-23 16:58:31 -07:00
binfmt_script.c __register_binfmt() made void 2012-03-20 21:29:46 -04:00
binfmt_som.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
bio-integrity.c fs: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:21 +08:00
bio.c bio allocation failure due to bio_get_nr_vecs() 2012-05-11 16:45:12 +02:00
block_dev.c block: don't mark buffers beyond end of disk as mapped 2012-05-11 16:42:14 +02:00
buffer.c block: fix infinite loop in __getblk_slow 2013-03-15 17:09:41 -07:00
char_dev.c
compat.c Merge branch 'x86-x32-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-03-29 18:12:23 -07:00
compat_binfmt_elf.c
compat_ioctl.c net: bluetooth: ioctl entry to modify auth info. 2013-02-25 11:37:16 -08:00
dcache.c vfs: dcache: fix deadlock in tree traversal 2013-03-15 17:09:25 -07:00
dcookies.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
direct-io.c
drop_caches.c
eventfd.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
eventpoll.c epoll: use freezable blocking call 2013-07-12 14:22:57 -07:00
exec.c Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2014-10-31 19:46:07 -07:00
fcntl.c
fhandle.c
fifo.c
file.c Merge branch 'x86-x32-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-03-29 18:12:23 -07:00
file_table.c vfs: drop_file_write_access() made static 2012-03-20 21:29:32 -04:00
filesystems.c
fs-writeback.c ext4: fix potential deadlock in ext4_nonda_switch() 2013-03-15 17:09:42 -07:00
fs_struct.c The following text was taken from the original review request: 2012-03-24 10:24:31 -07:00
generic_acl.c
inode.c trim includes in inode.c 2012-03-20 21:29:51 -04:00
internal.h
ioctl.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
ioprio.c
Kconfig fs: yaffs: Import yaffs from Thu Dec 23 13:31:37 2010 +1300 2012-04-09 13:57:46 -07:00
Kconfig.binfmt
libfs.c dentry leak in simple_fill_super() failure exit 2012-04-09 01:39:22 -04:00
locks.c CIFS: Fix VFS lock usage for oplocked files 2012-04-01 13:54:27 -05:00
Makefile fs: yaffs: Import yaffs from Thu Dec 23 13:31:37 2010 +1300 2012-04-09 13:57:46 -07:00
mbcache.c
mount.h
mpage.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
namei.c vfs: make word-at-a-time accesses handle a non-existing page 2012-05-03 14:01:40 -07:00
namespace.c
no-block.c
open.c
pipe.c pipes: add a "packetized pipe" mode for writing 2012-04-29 13:12:42 -07:00
pnode.c
pnode.h
posix_acl.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
proc_namespace.c
read_write.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
read_write.h
readdir.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
select.c select: use freezable blocking call 2013-07-12 14:22:58 -07:00
seq_file.c Fixing bad conflict resolution 2014-01-15 17:23:56 -08:00
signalfd.c
splice.c tcp: tcp_sendpages() should call tcp_push() once 2012-04-05 19:04:27 -04:00
stack.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
stat.c The following text was taken from the original review request: 2012-03-24 10:24:31 -07:00
statfs.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
super.c The following text was taken from the original review request: 2012-03-24 10:24:31 -07:00
sync.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
timerfd.c
utimes.c
xattr.c fs/xattr.c:setxattr(): improve handling of allocation failures 2012-04-05 15:25:50 -07:00
xattr_acl.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00