From patchwork Tue Aug 28 21:32:17 2018
X-Patchwork-Submitter: Micah Morton
X-Patchwork-Id: 10579203
Date: Tue, 28 Aug 2018 14:32:17 -0700
Message-Id: <20180828213217.67080-1-mortonm@chromium.org>
Subject: [PATCH] SELinux: allow other LSMs to use custom mount args
From: Micah Morton
To: linux-security-module@vger.kernel.org
Cc: Micah Morton

The security_sb_copy_data LSM hook allows LSMs to copy custom string name/value args passed to mount_fs() into a temporary buffer (called "secdata") that will be accessible to LSM code during the security_sb_kern_mount hook further down in mount_fs().

Currently, SELinux effectively prevents any other LSMs from copying custom mount args into the temporary buffer (and being able to access them during security_sb_kern_mount), as it will fail with -EINVAL and print "SELinux: unknown mount option" to the kernel message buffer if args it doesn't recognize are present in the temporary buffer when selinux_sb_kern_mount is called.

This change adds an arg to the list of those accepted by SELinux during security_sb_kern_mount. SELinux won't do anything with this arg besides allow the name/value pair to be passed along to any other LSM that is stacked after SELinux.

Developed on v4.18.

Signed-off-by: Micah Morton
---
 security/selinux/hooks.c            |  7 ++++++-
 security/selinux/include/security.h | 11 ++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2b5ee5fbd652..e70ccc701eb8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -445,6 +445,7 @@ enum { Opt_rootcontext = 4, Opt_labelsupport = 5, Opt_nextmntopt = 6, + Opt_lsm_custom_arg = 7, }; #define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1) @@ -455,6 +456,7 @@ static const match_table_t tokens = { {Opt_defcontext, DEFCONTEXT_STR "%s"}, {Opt_rootcontext, ROOTCONTEXT_STR "%s"}, {Opt_labelsupport, LABELSUPP_STR}, + {Opt_lsm_custom_arg, LSM_CUSTOM_ARG_STR "%s"}, {Opt_error, NULL}, }; @@ -1156,6 +1158,8 @@ static int selinux_parse_opts_str(char *options, break; case Opt_labelsupport: break; + case Opt_lsm_custom_arg: + break; default: rc = -EINVAL; printk(KERN_WARNING "SELinux: unknown mount option\n"); @@ -2758,7 +2762,8 @@ static inline int selinux_option(char *option, int len) match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) || match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) || match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) || - match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len)); + match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len) || + match_prefix(LSM_CUSTOM_ARG_STR, sizeof(LSM_CUSTOM_ARG_STR)-1, option, len)); } static inline void take_option(char **to, char *from, int *first, int len) diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 23e762d529fa..0ead836a0625 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h 
@@ -59,11 +59,12 @@ #define SE_SBPROC 0x0200 #define SE_SBGENFS 0x0400 -#define CONTEXT_STR "context=" -#define FSCONTEXT_STR "fscontext=" -#define ROOTCONTEXT_STR "rootcontext=" -#define DEFCONTEXT_STR "defcontext=" -#define LABELSUPP_STR "seclabel" +#define CONTEXT_STR "context=" +#define FSCONTEXT_STR "fscontext=" +#define ROOTCONTEXT_STR "rootcontext=" +#define DEFCONTEXT_STR "defcontext=" +#define LABELSUPP_STR "seclabel" +#define LSM_CUSTOM_ARG_STR "lsm_custom_arg=" struct netlbl_lsm_secattr;
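Review bot: in the enum hunk of hooks.c, Opt_lsm_custom_arg = 7 is placed after Opt_nextmntopt = 6, so it is excluded from NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1) and is never stored as a SELinux mount option. That is the right outcome for a pass-through option, but the sentinel's name says nothing follows it, and the next enumerator someone adds in the same spot would silently drop out of the count too. Put a comment on the new value, e.g. `Opt_lsm_custom_arg = 7,	/* passed through to stacked LSMs, deliberately not counted in NUM_SEL_MNT_OPTS */`.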
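Review bot: in the selinux_parse_opts_str hunk, `case Opt_lsm_custom_arg: break;` accepts the option without looking at its value, and nothing in place says why. Since the commit message states that SELinux does nothing with it except let the name/value pair reach the next stacked LSM, say so at the case (`/* value belongs to a stacked LSM; SELinux ignores it */`) so the empty body is not mistaken for an unfinished one. The commit message should also spell out that this is one shared name: every LSM stacked after SELinux receives the same lsm_custom_arg= value, so two such LSMs cannot both use it without agreeing on a format for the value.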
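Review bot: the selinux_option() hunk changes which option prefixes SELinux claims as its own (the list take_option() is driven by), not only which names its parser tolerates, yet the commit message describes the parser side alone. Add a sentence to the commit message saying that SELinux now also treats lsm_custom_arg= as a security option when copying mount data, otherwise a reader of the log will not expect this function to have changed.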
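Review bot: in the security.h hunk, the five existing #defines are only re-indented to line up with the longer LSM_CUSTOM_ARG_STR name, which turns a one-line addition into a six-line diff and buries the functional change in whitespace churn. Either keep the existing alignment and add the new line as-is, or move the re-indent into a separate cleanup patch.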
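The before/after behaviour the commit message describes, as an added userspace model that is not part of the patch or of the kernel: selinux_parse_secdata() mirrors the unknown-option rejection with the option table as it stands before and after the patch, assuming secdata entries are joined with '|' and using a constructed value "foo".

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Added userspace model (not kernel code) of the flow the commit message
 * describes: sb_copy_data fills the shared "secdata" buffer, which
 * selinux_sb_kern_mount then parses, failing with -EINVAL on unknown names.
 * Names are from the patch; '|' as separator is assumed, "foo" constructed. */
/* SELinux's recognised prefixes; the last one is the patch's addition. */
static const char *const sel_opts[] = {
	"context=", "fscontext=", "rootcontext=", "defcontext=", "seclabel",
	"lsm_custom_arg="
};

/* Prefix match in the spirit of selinux_option()'s match_prefix() calls. */
static int recognised(size_t nopts, const char *opt, size_t len)
{
	for (size_t i = 0; i < nopts; i++) {
		size_t plen = strlen(sel_opts[i]);
		if (plen <= len && strncmp(sel_opts[i], opt, plen) == 0)
			return 1;
	}
	return 0;
}

/* Model of selinux_parse_opts_str over secdata: 0 when every entry is
 * recognised, -EINVAL at the first one that is not. */
int selinux_parse_secdata(const char *secdata, int patched)
{
	size_t nopts = sizeof(sel_opts) / sizeof(sel_opts[0]) - (patched ? 0 : 1);
	const char *p = secdata;
	for (;;) {
		const char *end = strchr(p, '|');
		size_t len = end ? (size_t)(end - p) : strlen(p);
		if (len && !recognised(nopts, p, len))
			return -EINVAL;	/* "SELinux: unknown mount option" */
		if (!end)
			return 0;
		p = end + 1;
	}
}

int main(void)
{
	/* Constructed secdata: SELinux's context= plus an entry a stacked LSM copied in. */
	const char *sd = "context=system_u:object_r:tmp_t:s0|lsm_custom_arg=foo";
	printf("before: %d, after: %d\n", selinux_parse_secdata(sd, 0),
	       selinux_parse_secdata(sd, 1));
	return 0;
}
```

Any other name a stacked LSM copies in, such as a constructed foo=bar, is still rejected after the patch: only the single lsm_custom_arg= name is passed through.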