1 /* Task credentials management
3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
11 #include <linux/module.h>
12 #include <linux/cred.h>
13 #include <linux/sched.h>
14 #include <linux/key.h>
15 #include <linux/keyctl.h>
16 #include <linux/init_task.h>
17 #include <linux/security.h>
20 * The initial credentials for the initial task
22 struct cred init_cred = {
23 .usage = ATOMIC_INIT(3),
24 .securebits = SECUREBITS_DEFAULT,
25 .cap_inheritable = CAP_INIT_INH_SET,
26 .cap_permitted = CAP_FULL_SET,
27 .cap_effective = CAP_INIT_EFF_SET,
28 .cap_bset = CAP_INIT_BSET,
30 .group_info = &init_groups,
34 * The RCU callback to actually dispose of a set of credentials
36 static void put_cred_rcu(struct rcu_head *rcu)
38 struct cred *cred = container_of(rcu, struct cred, rcu);
40 BUG_ON(atomic_read(&cred->usage) != 0);
42 key_put(cred->thread_keyring);
43 key_put(cred->request_key_auth);
44 put_group_info(cred->group_info);
46 security_cred_free(cred);
51 * __put_cred - Destroy a set of credentials
52 * @sec: The record to release
54 * Destroy a set of credentials on which no references remain.
56 void __put_cred(struct cred *cred)
58 call_rcu(&cred->rcu, put_cred_rcu);
60 EXPORT_SYMBOL(__put_cred);
63 * Copy credentials for the new process created by fork()
65 int copy_creds(struct task_struct *p, unsigned long clone_flags)
70 pcred = kmemdup(p->cred, sizeof(*p->cred), GFP_KERNEL);
74 #ifdef CONFIG_SECURITY
75 pcred->security = NULL;
78 ret = security_cred_alloc(pcred);
84 atomic_set(&pcred->usage, 1);
85 get_group_info(pcred->group_info);
87 key_get(pcred->thread_keyring);
88 key_get(pcred->request_key_auth);
90 atomic_inc(&pcred->user->processes);
92 /* RCU assignment is unneeded here as no-one can have accessed this
93 * pointer yet, barring us */