diff options
| author | Dmitry Torokhov <dtor@chromium.org> | 2016-10-06 15:53:38 -0700 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-09-30 15:36:12 +0200 |
| commit | b27b15551563f102db2d56cb4f716a1fae260e69 (patch) | |
| tree | d86919b2f12d84b8e860c8d58e1933ae03fa91cb | |
| parent | 7694623a1eb0af6225cf3c9f8f4d1cdc27c668fc (diff) | |
CHROMIUM: remove Android's cgroup generic permissions checks
The implementation is utterly broken, resulting in all processes being
allows to move tasks between sets (as long as they have access to the
"tasks" attribute), and upstream is heading towards checking only
capability anyway, so let's get rid of this code.
BUG=b:31790445,chromium:647994
TEST=Boot android container, examine logcat
Change-Id: I2f780a5992c34e52a8f2d0b3557fc9d490da2779
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/394967
Reviewed-by: Ricky Zhou <rickyz@chromium.org>
Reviewed-by: John Stultz <john.stultz@linaro.org>
(cherry picked from commit 6895149f8bf0719aa70487e285fa6a8ad3d2692d)
Reviewed-on: https://chromium-review.googlesource.com/399858
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Signed-off-by: Mister Oyster <oysterized@gmail.com>
| -rw-r--r-- | Documentation/cgroups/cgroups.txt | 9 | ||||
| -rw-r--r-- | include/linux/cgroup.h | 17 | ||||
| -rw-r--r-- | kernel/cgroup.c | 52 | ||||
| -rw-r--r-- | kernel/sched/core.c | 1 | ||||
| -rw-r--r-- | mm/memcontrol.c | 12 |
5 files changed, 3 insertions, 88 deletions
diff --git a/Documentation/cgroups/cgroups.txt b/Documentation/cgroups/cgroups.txt index 61dc0ec5c..638bf17ff 100644 --- a/Documentation/cgroups/cgroups.txt +++ b/Documentation/cgroups/cgroups.txt @@ -598,15 +598,6 @@ is completely unused; @cgrp->parent is still valid. (Note - can also be called for a newly-created cgroup if an error occurs after this subsystem's create() method has been called for the new cgroup). -int allow_attach(struct cgroup *cgrp, struct cgroup_taskset *tset) -(cgroup_mutex held by caller) - -Called prior to moving a task into a cgroup; if the subsystem -returns an error, this will abort the attach operation. Used -to extend the permission checks - if all subsystems in a cgroup -return 0, the attach will be allowed to proceed, even if the -default permission check (root or same user) fails. - int can_attach(struct cgroup *cgrp, struct cgroup_taskset *tset) (cgroup_mutex held by caller) diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h index 46f1bcdc1..bbd9b756c 100644 --- a/include/linux/cgroup.h +++ b/include/linux/cgroup.h @@ -589,7 +589,6 @@ struct cgroup_subsys { void (*css_offline)(struct cgroup *cgrp); void (*css_free)(struct cgroup *cgrp); - int (*allow_attach)(struct cgroup *cgrp, struct cgroup_taskset *tset); int (*can_attach)(struct cgroup *cgrp, struct cgroup_taskset *tset); void (*cancel_attach)(struct cgroup *cgrp, struct cgroup_taskset *tset); void (*attach)(struct cgroup *cgrp, struct cgroup_taskset *tset); @@ -882,17 +881,6 @@ unsigned short css_id(struct cgroup_subsys_state *css); unsigned short css_depth(struct cgroup_subsys_state *css); struct cgroup_subsys_state *cgroup_css_from_dir(struct file *f, int id); -/* - * Default Android check for whether the current process is allowed to move a - * task across cgroups, either because CAP_SYS_NICE is set or because the uid - * of the calling process is the same as the moved task or because we are - * running as root. - * Returns 0 if this is allowed, or -EACCES otherwise. - */ -int subsys_cgroup_allow_attach(struct cgroup *cgrp, - struct cgroup_taskset *tset); - - #else /* !CONFIG_CGROUPS */ static inline int cgroup_init_early(void) { return 0; } @@ -916,11 +904,6 @@ static inline int cgroup_attach_task_all(struct task_struct *from, return 0; } -static inline int subsys_cgroup_allow_attach(struct cgroup *cgrp, - struct cgroup_taskset *tset) -{ - return 0; -} #endif /* !CONFIG_CGROUPS */ #endif /* _LINUX_CGROUP_H */ diff --git a/kernel/cgroup.c b/kernel/cgroup.c index adc8f34a5..b14a9a1fa 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -2152,43 +2152,6 @@ out_free_group_list: return retval; } -static int cgroup_allow_attach(struct cgroup *cgrp, struct cgroup_taskset *tset) -{ - struct cgroup_subsys *ss; - int ret; - - for_each_subsys(cgrp->root, ss) { - if (ss->allow_attach) { - ret = ss->allow_attach(cgrp, tset); - if (ret) - return ret; - } else { - return -EACCES; - } - } - - return 0; -} - -int subsys_cgroup_allow_attach(struct cgroup *cgrp, struct cgroup_taskset *tset) -{ - const struct cred *cred = current_cred(), *tcred; - struct task_struct *task; - - if (capable(CAP_SYS_NICE)) - return 0; - - cgroup_taskset_for_each(task, cgrp, tset) { - tcred = __task_cred(task); - - if (current != task && cred->euid != tcred->uid && - cred->euid != tcred->suid) - return -EACCES; - } - - return 0; -} - /* * Find the task_struct of the task to attach by vpid and pass it along to the * function to attach either it or all tasks in its threadgroup. Will lock @@ -2220,18 +2183,9 @@ retry_find_task: if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) && !uid_eq(cred->euid, tcred->uid) && !uid_eq(cred->euid, tcred->suid)) { - /* - * if the default permission check fails, give each - * cgroup a chance to extend the permission check - */ - struct cgroup_taskset tset = { }; - tset.single.task = tsk; - tset.single.cgrp = cgrp; - ret = cgroup_allow_attach(cgrp, &tset); - if (ret) { - rcu_read_unlock(); - goto out_unlock_cgroup; - } + rcu_read_unlock(); + ret = -EACCES; + goto out_unlock_cgroup; } } else tsk = current; diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 0fa11db49..77a197f65 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -8721,7 +8721,6 @@ struct cgroup_subsys cpu_cgroup_subsys = { .css_offline = cpu_cgroup_css_offline, .can_attach = cpu_cgroup_can_attach, .attach = cpu_cgroup_attach, - .allow_attach = subsys_cgroup_allow_attach, .exit = cpu_cgroup_exit, .subsys_id = cpu_cgroup_subsys_id, .base_cftypes = cpu_files, diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 0310efc94..36300fda5 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -6811,12 +6811,6 @@ static int mem_cgroup_can_attach(struct cgroup *cgroup, return ret; } -static int mem_cgroup_allow_attach(struct cgroup *cgroup, - struct cgroup_taskset *tset) -{ - return subsys_cgroup_allow_attach(cgroup, tset); -} - static void mem_cgroup_cancel_attach(struct cgroup *cgroup, struct cgroup_taskset *tset) { @@ -6985,11 +6979,6 @@ static int mem_cgroup_can_attach(struct cgroup *cgroup, { return 0; } -static int mem_cgroup_allow_attach(struct cgroup *cgroup, - struct cgroup_taskset *tset) -{ - return 0; -} static void mem_cgroup_cancel_attach(struct cgroup *cgroup, struct cgroup_taskset *tset) { @@ -7025,7 +7014,6 @@ struct cgroup_subsys mem_cgroup_subsys = { .can_attach = mem_cgroup_can_attach, .cancel_attach = mem_cgroup_cancel_attach, .attach = mem_cgroup_move_task, - .allow_attach = mem_cgroup_allow_attach, .bind = mem_cgroup_bind, .base_cftypes = mem_cgroup_files, .disabled = 1, /* Disable it for performance workaround */ |