diff mbox series

[v2,3/6] LSM: security_lsmblob_to_secctx module selection

Message ID 20250307183701.16970-4-casey@schaufler-ca.com (mailing list archive)
State Handled Elsewhere
Delegated to: Paul Moore
Headers show
Series [v2,1/6] Audit: Create audit_stamp structure | expand

Commit Message

Casey Schaufler March 7, 2025, 6:36 p.m. UTC
Add a parameter lsmid to security_lsmblob_to_secctx() to identify which
of the security modules that may be active should provide the security
context. If the value of lsmid is LSM_ID_UNDEF the first LSM providing
a hook is used. security_secid_to_secctx() is unchanged, and will
always report the first LSM providing a hook.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/security.h     |  6 ++++--
 kernel/audit.c               |  4 ++--
 kernel/auditsc.c             |  8 +++++---
 net/netlabel/netlabel_user.c |  3 ++-
 security/security.c          | 13 +++++++++++--
 5 files changed, 24 insertions(+), 10 deletions(-)

Comments

kernel test robot March 8, 2025, 3:52 p.m. UTC | #1
Hi Casey,

kernel test robot noticed the following build warnings:

[auto build test WARNING on pcmoore-selinux/next]
[also build test WARNING on linus/master v6.14-rc5 next-20250307]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/Audit-Create-audit_stamp-structure/20250308-024950
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git next
patch link:    https://lore.kernel.org/r/20250307183701.16970-4-casey%40schaufler-ca.com
patch subject: [PATCH v2 3/6] LSM: security_lsmblob_to_secctx module selection
config: arc-randconfig-001-20250308 (https://download.01.org/0day-ci/archive/20250308/202503082328.C7GyGU63-lkp@intel.com/config)
compiler: arc-elf-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250308/202503082328.C7GyGU63-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202503082328.C7GyGU63-lkp@intel.com/

All warnings (new ones prefixed by >>):

>> security/security.c:4325: warning: Excess function parameter 'lsmid' description in 'security_secid_to_secctx'
>> security/security.c:4344: warning: Function parameter or struct member 'lsmid' not described in 'security_lsmprop_to_secctx'


vim +4325 security/security.c

746df9b59c8a5f1 David Quigley   2013-05-22  4310  
e261301c851aee4 Paul Moore      2023-02-16  4311  /**
e261301c851aee4 Paul Moore      2023-02-16  4312   * security_secid_to_secctx() - Convert a secid to a secctx
e261301c851aee4 Paul Moore      2023-02-16  4313   * @secid: secid
2d470c778120d3c Casey Schaufler 2024-10-23  4314   * @cp: the LSM context
c6b93968f3f6d88 Casey Schaufler 2025-03-07  4315   * @lsmid: which security module to report
e261301c851aee4 Paul Moore      2023-02-16  4316   *
2d470c778120d3c Casey Schaufler 2024-10-23  4317   * Convert secid to security context.  If @cp is NULL the length of the
2d470c778120d3c Casey Schaufler 2024-10-23  4318   * result will be returned, but no data will be returned.  This
e261301c851aee4 Paul Moore      2023-02-16  4319   * does mean that the length could change between calls to check the length and
2d470c778120d3c Casey Schaufler 2024-10-23  4320   * the next call which actually allocates and returns the data.
e261301c851aee4 Paul Moore      2023-02-16  4321   *
2d470c778120d3c Casey Schaufler 2024-10-23  4322   * Return: Return length of data on success, error on failure.
e261301c851aee4 Paul Moore      2023-02-16  4323   */
2d470c778120d3c Casey Schaufler 2024-10-23  4324  int security_secid_to_secctx(u32 secid, struct lsm_context *cp)
20510f2f4e2dabb James Morris    2007-10-16 @4325  {
2d470c778120d3c Casey Schaufler 2024-10-23  4326  	return call_int_hook(secid_to_secctx, secid, cp);
20510f2f4e2dabb James Morris    2007-10-16  4327  }
20510f2f4e2dabb James Morris    2007-10-16  4328  EXPORT_SYMBOL(security_secid_to_secctx);
20510f2f4e2dabb James Morris    2007-10-16  4329  
6f2f724f0e116d9 Casey Schaufler 2024-10-09  4330  /**
6f2f724f0e116d9 Casey Schaufler 2024-10-09  4331   * security_lsmprop_to_secctx() - Convert a lsm_prop to a secctx
6f2f724f0e116d9 Casey Schaufler 2024-10-09  4332   * @prop: lsm specific information
2d470c778120d3c Casey Schaufler 2024-10-23  4333   * @cp: the LSM context
6f2f724f0e116d9 Casey Schaufler 2024-10-09  4334   *
2d470c778120d3c Casey Schaufler 2024-10-23  4335   * Convert a @prop entry to security context.  If @cp is NULL the
2d470c778120d3c Casey Schaufler 2024-10-23  4336   * length of the result will be returned. This does mean that the
2d470c778120d3c Casey Schaufler 2024-10-23  4337   * length could change between calls to check the length and the
2d470c778120d3c Casey Schaufler 2024-10-23  4338   * next call which actually allocates and returns the @cp.
6f2f724f0e116d9 Casey Schaufler 2024-10-09  4339   *
2d470c778120d3c Casey Schaufler 2024-10-23  4340   * Return: Return length of data on success, error on failure.
6f2f724f0e116d9 Casey Schaufler 2024-10-09  4341   */
c6b93968f3f6d88 Casey Schaufler 2025-03-07  4342  int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp,
c6b93968f3f6d88 Casey Schaufler 2025-03-07  4343  			       int lsmid)
6f2f724f0e116d9 Casey Schaufler 2024-10-09 @4344  {
c6b93968f3f6d88 Casey Schaufler 2025-03-07  4345  	struct lsm_static_call *scall;
c6b93968f3f6d88 Casey Schaufler 2025-03-07  4346  
c6b93968f3f6d88 Casey Schaufler 2025-03-07  4347  	lsm_for_each_hook(scall, lsmprop_to_secctx) {
c6b93968f3f6d88 Casey Schaufler 2025-03-07  4348  		if (lsmid != 0 && lsmid != scall->hl->lsmid->id)
c6b93968f3f6d88 Casey Schaufler 2025-03-07  4349  			continue;
c6b93968f3f6d88 Casey Schaufler 2025-03-07  4350  		return scall->hl->hook.lsmprop_to_secctx(prop, cp);
c6b93968f3f6d88 Casey Schaufler 2025-03-07  4351  	}
c6b93968f3f6d88 Casey Schaufler 2025-03-07  4352  	return LSM_RET_DEFAULT(lsmprop_to_secctx);
6f2f724f0e116d9 Casey Schaufler 2024-10-09  4353  }
6f2f724f0e116d9 Casey Schaufler 2024-10-09  4354  EXPORT_SYMBOL(security_lsmprop_to_secctx);
6f2f724f0e116d9 Casey Schaufler 2024-10-09  4355
Paul Moore March 12, 2025, 11:51 p.m. UTC | #2
On Mar  7, 2025 Casey Schaufler <casey@schaufler-ca.com> wrote:
> 
> Add a parameter lsmid to security_lsmblob_to_secctx() to identify which
> of the security modules that may be active should provide the security
> context. If the value of lsmid is LSM_ID_UNDEF the first LSM providing
> a hook is used. security_secid_to_secctx() is unchanged, and will
> always report the first LSM providing a hook.
> 
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
>  include/linux/security.h     |  6 ++++--
>  kernel/audit.c               |  4 ++--
>  kernel/auditsc.c             |  8 +++++---
>  net/netlabel/netlabel_user.c |  3 ++-
>  security/security.c          | 13 +++++++++++--
>  5 files changed, 24 insertions(+), 10 deletions(-)

...

> diff --git a/security/security.c b/security/security.c
> index 143561ebc3e8..55f9c7ad3f89 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -4338,9 +4339,17 @@ EXPORT_SYMBOL(security_secid_to_secctx);
>   *
>   * Return: Return length of data on success, error on failure.
>   */
> -int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp)
> +int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp,
> +			       int lsmid)
>  {
> -	return call_int_hook(lsmprop_to_secctx, prop, cp);
> +	struct lsm_static_call *scall;
> +
> +	lsm_for_each_hook(scall, lsmprop_to_secctx) {
> +		if (lsmid != 0 && lsmid != scall->hl->lsmid->id)

Let's use LSM_ID_UNDEF instead of 0 here to add some clarity on how an
undefined ID is handled.  The function header comment should also
explain the special handling when LSM_ID_UNDEF is specified.

--
paul-moore.com
diff mbox series

Patch

diff --git a/include/linux/security.h b/include/linux/security.h
index 980b6c207cad..540894695c4b 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -566,7 +566,8 @@  int security_setprocattr(int lsmid, const char *name, void *value, size_t size);
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_ismaclabel(const char *name);
 int security_secid_to_secctx(u32 secid, struct lsm_context *cp);
-int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp);
+int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp,
+			       int lsmid);
 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
 void security_release_secctx(struct lsm_context *cp);
 void security_inode_invalidate_secctx(struct inode *inode);
@@ -1543,7 +1544,8 @@  static inline int security_secid_to_secctx(u32 secid, struct lsm_context *cp)
 }
 
 static inline int security_lsmprop_to_secctx(struct lsm_prop *prop,
-					     struct lsm_context *cp)
+					     struct lsm_context *cp,
+					     int lsmid)
 {
 	return -EOPNOTSUPP;
 }
diff --git a/kernel/audit.c b/kernel/audit.c
index a4945f1c3ec0..293364bba961 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1475,7 +1475,7 @@  static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
 	case AUDIT_SIGNAL_INFO:
 		if (lsmprop_is_set(&audit_sig_lsm)) {
 			err = security_lsmprop_to_secctx(&audit_sig_lsm,
-							 &lsmctx);
+							 &lsmctx, LSM_ID_UNDEF);
 			if (err < 0)
 				return err;
 		}
@@ -2247,7 +2247,7 @@  int audit_log_task_context(struct audit_buffer *ab)
 	if (!lsmprop_is_set(&prop))
 		return 0;
 
-	error = security_lsmprop_to_secctx(&prop, &ctx);
+	error = security_lsmprop_to_secctx(&prop, &ctx, LSM_ID_UNDEF);
 	if (error < 0) {
 		if (error != -EINVAL)
 			goto error_path;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 2ec3a0d85447..d98ce7097a2d 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1109,7 +1109,7 @@  static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 			 from_kuid(&init_user_ns, auid),
 			 from_kuid(&init_user_ns, uid), sessionid);
 	if (lsmprop_is_set(prop)) {
-		if (security_lsmprop_to_secctx(prop, &ctx) < 0) {
+		if (security_lsmprop_to_secctx(prop, &ctx, LSM_ID_UNDEF) < 0) {
 			audit_log_format(ab, " obj=(none)");
 			rc = 1;
 		} else {
@@ -1395,7 +1395,8 @@  static void show_special(struct audit_context *context, int *call_panic)
 			struct lsm_context lsmctx;
 
 			if (security_lsmprop_to_secctx(&context->ipc.oprop,
-						       &lsmctx) < 0) {
+						       &lsmctx,
+						       LSM_ID_UNDEF) < 0) {
 				*call_panic = 1;
 			} else {
 				audit_log_format(ab, " obj=%s", lsmctx.context);
@@ -1560,7 +1561,8 @@  static void audit_log_name(struct audit_context *context, struct audit_names *n,
 	if (lsmprop_is_set(&n->oprop)) {
 		struct lsm_context ctx;
 
-		if (security_lsmprop_to_secctx(&n->oprop, &ctx) < 0) {
+		if (security_lsmprop_to_secctx(&n->oprop, &ctx,
+					       LSM_ID_UNDEF) < 0) {
 			if (call_panic)
 				*call_panic = 2;
 		} else {
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 0d04d23aafe7..6d6545297ee3 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -98,7 +98,8 @@  struct audit_buffer *netlbl_audit_start_common(int type,
 			 audit_info->sessionid);
 
 	if (lsmprop_is_set(&audit_info->prop) &&
-	    security_lsmprop_to_secctx(&audit_info->prop, &ctx) > 0) {
+	    security_lsmprop_to_secctx(&audit_info->prop, &ctx,
+				       LSM_ID_UNDEF) > 0) {
 		audit_log_format(audit_buf, " subj=%s", ctx.context);
 		security_release_secctx(&ctx);
 	}
diff --git a/security/security.c b/security/security.c
index 143561ebc3e8..55f9c7ad3f89 100644
--- a/security/security.c
+++ b/security/security.c
@@ -4312,6 +4312,7 @@  EXPORT_SYMBOL(security_ismaclabel);
  * security_secid_to_secctx() - Convert a secid to a secctx
  * @secid: secid
  * @cp: the LSM context
+ * @lsmid: which security module to report
  *
  * Convert secid to security context.  If @cp is NULL the length of the
  * result will be returned, but no data will be returned.  This
@@ -4338,9 +4339,17 @@  EXPORT_SYMBOL(security_secid_to_secctx);
  *
  * Return: Return length of data on success, error on failure.
  */
-int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp)
+int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp,
+			       int lsmid)
 {
-	return call_int_hook(lsmprop_to_secctx, prop, cp);
+	struct lsm_static_call *scall;
+
+	lsm_for_each_hook(scall, lsmprop_to_secctx) {
+		if (lsmid != 0 && lsmid != scall->hl->lsmid->id)
+			continue;
+		return scall->hl->hook.lsmprop_to_secctx(prop, cp);
+	}
+	return LSM_RET_DEFAULT(lsmprop_to_secctx);
 }
 EXPORT_SYMBOL(security_lsmprop_to_secctx);