[11/97] LSM: Use lsm_export in the kernel_ask_as hooks

Message ID	20190228221933.2551-12-casey@schaufler-ca.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-security-module-owner@kernel.org> From: Casey Schaufler <casey@schaufler-ca.com> To: jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com Subject: [PATCH 11/97] LSM: Use lsm_export in the kernel_ask_as hooks Date: Thu, 28 Feb 2019 14:18:07 -0800 Message-Id: <20190228221933.2551-12-casey@schaufler-ca.com> In-Reply-To: <20190228221933.2551-1-casey@schaufler-ca.com> References: <20190228221933.2551-1-casey@schaufler-ca.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk
Series	LSM: Complete module stacking \| expand [00/97] LSM: Complete module stacking [01/97] LSM: Infrastructure management of the superblock [02/97] LSM: Infrastructure management of the sock security [03/97] LSM: Infrastructure management of the key security blob [04/97] SCAFFOLD: Move sock_graft out of sock.h [05/97] LSM: Create an lsm_export data structure. [06/97] LSM: Use lsm_export in the inode_getsecid hooks [07/97] SCAFFOLD: Move security.h out of route.h [08/97] LSM: Use lsm_export in the cred_getsecid hooks [09/97] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks [10/97] LSM: Use lsm_export in the sk_getsecid hooks [11/97] LSM: Use lsm_export in the kernel_ask_as hooks [12/97] LSM: Use lsm_export in the getpeersec_dgram hooks [13/97] LSM: Use lsm_export in the audit_rule_match hooks [14/97] LSM: Fix logical operation in lsm_export checks [15/97] LSM: Use lsm_export in the secid_to_secctx hooks [16/97] LSM: Use lsm_export in the secctx_to_secid hooks [17/97] LSM: Use lsm_export in security_audit_rule_match [18/97] LSM: Use lsm_export in security_kernel_act_as [19/97] LSM: Use lsm_export in security_socket_getpeersec_dgram [20/97] LSM: Use lsm_export in security_secctx_to_secid [21/97] LSM: Use lsm_export in security_secid_to_secctx [22/97] LSM: Use lsm_export in security_ipc_getsecid [23/97] LSM: Use lsm_export in security_task_getsecid [24/97] LSM: FIXUP - security_secctx_to_secid [25/97] LSM: FIXUP - security_secid_to_secctx [26/97] LSM: Use lsm_export in security_inode_getsecid [27/97] LSM: Use lsm_export in security_cred_getsecid [28/97] LSM: REVERT Use lsm_export in the sk_getsecid hooks [29/97] Audit: Change audit_sig_sid to audit_sig_lsm [30/97] Audit: Convert target_sid to an lsm_export structure [31/97] Audit: Convert osid to an lsm_export structure [32/97] IMA: Clean out lsm_export scaffolding [33/97] NET: Store LSM access information in the socket blob for UDS [34/97] NET: Remove scaffolding on secmarks [35/97] NET: Remove scaffolding on new secmarks [36/97] NET: Remove netfilter scaffolding for lsm_export [37/97] Netlabel: Replace secids with lsm_export [38/97] LSM: Remove lsm_export scaffolding functions [39/97] IMA: FIXUP prototype using lsm_export [40/97] Smack: Restore the release_secctx hook [41/97] AppArmor: Remove unnecessary hook stub [42/97] LSM: Limit calls to certain module hooks [43/97] LSM: Create a data structure for a security context [44/97] LSM: Use lsm_context in secid_to_secctx hooks [45/97] LSM: Use lsm_context in secctx_to_secid hooks [46/97] LSM: Use lsm_context in inode_getsecctx hooks [47/97] LSM: Use lsm_context in inode_notifysecctx hooks [48/97] LSM: Use lsm_context in dentry_init_security hooks [49/97] LSM: Use lsm_context in security_dentry_init_security [50/97] LSM: Use lsm_context in security_inode_notifysecctx [51/97] LSM: Use lsm_context in security_inode_getsecctx [52/97] LSM: Use lsm_context in security_secctx_to_secid [53/97] LSM: Use lsm_context in release_secctx hooks [54/97] LSM: Use lsm_context in security_release_secctx [55/97] LSM: Use lsm_context in security_secid_to_secctx [56/97] fs: remove lsm_context scaffolding [57/97] LSM: Add the release function to the lsm_context [58/97] LSM: Use lsm_context in inode_setsecctx hooks [59/97] LSM: Use lsm_context in security_inode_setsecctx [60/97] kernfs: remove lsm_context scaffolding [61/97] LSM: Remove unused macro [62/97] LSM: Special handling for secctx lsm hooks [63/97] SELinux: Use blob offset in current_sid [64/97] LSM: Specify which LSM to display with /proc/self/attr/display [65/97] AppArmor: Remove the exclusive flag [66/97] LSM: Add secmark_relabel_packet to the set of one call hooks [67/97] LSM: Make getting the secmark right cleaner with lsm_export_one_secid [68/97] netfilter: Fix memory leak introduced with lsm_context [69/97] Smack: Consolidate secmark conversions [70/97] netfilter: Remove unnecessary NULL check in lsm_context

Message ID

20190228221933.2551-12-casey@schaufler-ca.com (mailing list archive)

State

New, archived

Headers

From: Casey Schaufler <casey@schaufler-ca.com>
To: jmorris@namei.org, linux-security-module@vger.kernel.org,
        selinux@vger.kernel.org
Cc: keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com
Subject: [PATCH 11/97] LSM: Use lsm_export in the kernel_ask_as hooks
Date: Thu, 28 Feb 2019 14:18:07 -0800
Message-Id: <20190228221933.2551-12-casey@schaufler-ca.com>
In-Reply-To: <20190228221933.2551-1-casey@schaufler-ca.com>
References: <20190228221933.2551-1-casey@schaufler-ca.com>
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk

Series

LSM: Complete module stacking | expand

Commit Message

Casey Schaufler Feb. 28, 2019, 10:18 p.m. UTC

Convert the kernel_ask_as hooks to use the lsm_export
structure instead of a u32 secid. There is some scaffolding
involved that will be removed when security_kernel_ask_as()
is updated.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/lsm_hooks.h  |  4 ++--
 security/security.c        | 15 ++++++++++++++-
 security/selinux/hooks.c   | 17 ++++++++++++++---
 security/smack/smack_lsm.c | 12 +++++++++++-
 4 files changed, 41 insertions(+), 7 deletions(-)

Comments

Edwin Zimmerman March 1, 2019, 2:59 p.m. UTC | #1

On Thursday, 2/28/2019 at 5:18 PM, Casey Schaufler <casey@schaufler-ca.com> wrote:
> Convert the kernel_ask_as hooks to use the lsm_export
Should be act_as, not? ^^
> structure instead of a u32 secid. There is some scaffolding
> involved that will be removed when security_kernel_ask_as()
> is updated.
> 
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
>  include/linux/lsm_hooks.h  |  4 ++--
>  security/security.c        | 15 ++++++++++++++-
>  security/selinux/hooks.c   | 17 ++++++++++++++---
>  security/smack/smack_lsm.c | 12 +++++++++++-
>  4 files changed, 41 insertions(+), 7 deletions(-)
> 
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 44597189fea4..796eb441be95 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -562,7 +562,7 @@
>   * @kernel_act_as:
>   *	Set the credentials for a kernel service to act as (subjective context).
>   *	@new points to the credentials to be modified.
> - *	@secid specifies the security ID to be set
> + *	@l specifies the security data to be set
>   *	The current task must be the one that nominated @secid.
>   *	Return 0 if successful.
>   * @kernel_create_files_as:
> @@ -1588,7 +1588,7 @@ union security_list_options {
>  				gfp_t gfp);
>  	void (*cred_transfer)(struct cred *new, const struct cred *old);
>  	void (*cred_getsecid)(const struct cred *c, struct lsm_export *l);
> -	int (*kernel_act_as)(struct cred *new, u32 secid);
> +	int (*kernel_act_as)(struct cred *new, struct lsm_export *l);
>  	int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
>  	int (*kernel_module_request)(char *kmod_name);
>  	int (*kernel_load_data)(enum kernel_load_data_id id);
> diff --git a/security/security.c b/security/security.c
> index 909b6b8d1a50..1a29fe08a5d9 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -738,6 +738,15 @@ static inline void lsm_export_secid(struct lsm_export *data, u32 *secid)
>  	}
>  }
> 
> +static inline void lsm_export_to_all(struct lsm_export *data, u32 secid)
> +{
> +	data->selinux = secid;
> +	data->smack = secid;
> +	data->apparmor = secid;
> +	data->flags = LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK |
> +		      LSM_EXPORT_APPARMOR;
> +}
> +
>  /* Security operations */
> 
>  int security_binder_set_context_mgr(struct task_struct *mgr)
> @@ -1633,7 +1642,11 @@ EXPORT_SYMBOL(security_cred_getsecid);
> 
>  int security_kernel_act_as(struct cred *new, u32 secid)
>  {
> -	return call_int_hook(kernel_act_as, 0, new, secid);
> +	struct lsm_export data = { .flags = LSM_EXPORT_NONE };
> +
> +	lsm_export_to_all(&data, secid);
> +
> +	return call_int_hook(kernel_act_as, 0, new, &data);
>  }
> 
>  int security_kernel_create_files_as(struct cred *new, struct inode *inode)
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 6f61a894f7c5..efcd905bdabf 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -220,6 +220,14 @@ static inline void selinux_export_secid(struct lsm_export *l, u32 secid)
>  	l->flags |= LSM_EXPORT_SELINUX;
>  }
> 
> +static inline void selinux_import_secid(struct lsm_export *l, u32 *secid)
> +{
> +	if (l->flags | LSM_EXPORT_SELINUX)
> +		*secid = l->selinux;
> +	else
> +		*secid = SECSID_NULL;
> +}
> +
>  /*
>   * get the security ID of a set of credentials
>   */
> @@ -3669,19 +3677,22 @@ static void selinux_cred_getsecid(const struct cred *c, struct lsm_export *l)
>   * set the security data for a kernel service
>   * - all the creation contexts are set to unlabelled
>   */
> -static int selinux_kernel_act_as(struct cred *new, u32 secid)
> +static int selinux_kernel_act_as(struct cred *new, struct lsm_export *l)
>  {
>  	struct task_security_struct *tsec = selinux_cred(new);
> +	u32 nsid;
>  	u32 sid = current_sid();
>  	int ret;
> 
> +	selinux_import_secid(l, &nsid);
> +
>  	ret = avc_has_perm(&selinux_state,
> -			   sid, secid,
> +			   sid, nsid,
>  			   SECCLASS_KERNEL_SERVICE,
>  			   KERNEL_SERVICE__USE_AS_OVERRIDE,
>  			   NULL);
>  	if (ret == 0) {
> -		tsec->sid = secid;
> +		tsec->sid = nsid;
>  		tsec->create_sid = 0;
>  		tsec->keycreate_sid = 0;
>  		tsec->sockcreate_sid = 0;
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index d5ff34a5803b..0e1f6ef25eb2 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -473,6 +473,14 @@ static inline void smack_export_secid(struct lsm_export *l, u32 secid)
>  	l->flags |= LSM_EXPORT_SMACK;
>  }
> 
> +static inline void smack_import_secid(struct lsm_export *l, u32 *secid)
> +{
> +	if (l->flags | LSM_EXPORT_SMACK)
> +		*secid = l->smack;
> +	else
> +		*secid = 0;
> +}
> +
>  /*
>   * LSM hooks.
>   * We he, that is fun!
> @@ -1910,10 +1918,12 @@ static void smack_cred_getsecid(const struct cred *cred, struct lsm_export *l)
>   *
>   * Set the security data for a kernel service.
>   */
> -static int smack_kernel_act_as(struct cred *new, u32 secid)
> +static int smack_kernel_act_as(struct cred *new, struct lsm_export *l)
>  {
> +	u32 secid;
>  	struct task_smack *new_tsp = smack_cred(new);
> 
> +	smack_import_secid(l, &secid);
>  	new_tsp->smk_task = smack_from_secid(secid);
>  	return 0;
>  }
> --
> 2.17.0

Casey Schaufler March 1, 2019, 4:59 p.m. UTC | #2

On 3/1/2019 6:59 AM, Edwin Zimmerman wrote:
> On Thursday, 2/28/2019 at 5:18 PM, Casey Schaufler <casey@schaufler-ca.com> wrote:
>> Convert the kernel_ask_as hooks to use the lsm_export
> Should be act_as, not? ^^

You are correct.

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 44597189fea4..796eb441be95 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -562,7 +562,7 @@ 
  * @kernel_act_as:
  *	Set the credentials for a kernel service to act as (subjective context).
  *	@new points to the credentials to be modified.
- *	@secid specifies the security ID to be set
+ *	@l specifies the security data to be set
  *	The current task must be the one that nominated @secid.
  *	Return 0 if successful.
  * @kernel_create_files_as:
@@ -1588,7 +1588,7 @@  union security_list_options {
 				gfp_t gfp);
 	void (*cred_transfer)(struct cred *new, const struct cred *old);
 	void (*cred_getsecid)(const struct cred *c, struct lsm_export *l);
-	int (*kernel_act_as)(struct cred *new, u32 secid);
+	int (*kernel_act_as)(struct cred *new, struct lsm_export *l);
 	int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
 	int (*kernel_module_request)(char *kmod_name);
 	int (*kernel_load_data)(enum kernel_load_data_id id);
diff --git a/security/security.c b/security/security.c
index 909b6b8d1a50..1a29fe08a5d9 100644
--- a/security/security.c
+++ b/security/security.c
@@ -738,6 +738,15 @@  static inline void lsm_export_secid(struct lsm_export *data, u32 *secid)
 	}
 }
 
+static inline void lsm_export_to_all(struct lsm_export *data, u32 secid)
+{
+	data->selinux = secid;
+	data->smack = secid;
+	data->apparmor = secid;
+	data->flags = LSM_EXPORT_SELINUX | LSM_EXPORT_SMACK |
+		      LSM_EXPORT_APPARMOR;
+}
+
 /* Security operations */
 
 int security_binder_set_context_mgr(struct task_struct *mgr)
@@ -1633,7 +1642,11 @@  EXPORT_SYMBOL(security_cred_getsecid);
 
 int security_kernel_act_as(struct cred *new, u32 secid)
 {
-	return call_int_hook(kernel_act_as, 0, new, secid);
+	struct lsm_export data = { .flags = LSM_EXPORT_NONE };
+
+	lsm_export_to_all(&data, secid);
+
+	return call_int_hook(kernel_act_as, 0, new, &data);
 }
 
 int security_kernel_create_files_as(struct cred *new, struct inode *inode)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6f61a894f7c5..efcd905bdabf 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -220,6 +220,14 @@  static inline void selinux_export_secid(struct lsm_export *l, u32 secid)
 	l->flags |= LSM_EXPORT_SELINUX;
 }
 
+static inline void selinux_import_secid(struct lsm_export *l, u32 *secid)
+{
+	if (l->flags | LSM_EXPORT_SELINUX)
+		*secid = l->selinux;
+	else
+		*secid = SECSID_NULL;
+}
+
 /*
  * get the security ID of a set of credentials
  */
@@ -3669,19 +3677,22 @@  static void selinux_cred_getsecid(const struct cred *c, struct lsm_export *l)
  * set the security data for a kernel service
  * - all the creation contexts are set to unlabelled
  */
-static int selinux_kernel_act_as(struct cred *new, u32 secid)
+static int selinux_kernel_act_as(struct cred *new, struct lsm_export *l)
 {
 	struct task_security_struct *tsec = selinux_cred(new);
+	u32 nsid;
 	u32 sid = current_sid();
 	int ret;
 
+	selinux_import_secid(l, &nsid);
+
 	ret = avc_has_perm(&selinux_state,
-			   sid, secid,
+			   sid, nsid,
 			   SECCLASS_KERNEL_SERVICE,
 			   KERNEL_SERVICE__USE_AS_OVERRIDE,
 			   NULL);
 	if (ret == 0) {
-		tsec->sid = secid;
+		tsec->sid = nsid;
 		tsec->create_sid = 0;
 		tsec->keycreate_sid = 0;
 		tsec->sockcreate_sid = 0;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index d5ff34a5803b..0e1f6ef25eb2 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -473,6 +473,14 @@  static inline void smack_export_secid(struct lsm_export *l, u32 secid)
 	l->flags |= LSM_EXPORT_SMACK;
 }
 
+static inline void smack_import_secid(struct lsm_export *l, u32 *secid)
+{
+	if (l->flags | LSM_EXPORT_SMACK)
+		*secid = l->smack;
+	else
+		*secid = 0;
+}
+
 /*
  * LSM hooks.
  * We he, that is fun!
@@ -1910,10 +1918,12 @@  static void smack_cred_getsecid(const struct cred *cred, struct lsm_export *l)
  *
  * Set the security data for a kernel service.
  */
-static int smack_kernel_act_as(struct cred *new, u32 secid)
+static int smack_kernel_act_as(struct cred *new, struct lsm_export *l)
 {
+	u32 secid;
 	struct task_smack *new_tsp = smack_cred(new);
 
+	smack_import_secid(l, &secid);
 	new_tsp->smk_task = smack_from_secid(secid);
 	return 0;
 }

[11/97] LSM: Use lsm_export in the kernel_ask_as hooks

Commit Message

Comments

Patch