[74/90] LSM: Change error detection for UDP peer security

Message ID	20190419004617.64627-75-casey@schaufler-ca.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-security-module-owner@kernel.org> From: Casey Schaufler <casey@schaufler-ca.com> To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com Subject: [PATCH 74/90] LSM: Change error detection for UDP peer security Date: Thu, 18 Apr 2019 17:46:01 -0700 Message-Id: <20190419004617.64627-75-casey@schaufler-ca.com> In-Reply-To: <20190419004617.64627-1-casey@schaufler-ca.com> References: <20190419004617.64627-1-casey@schaufler-ca.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk
Series	LSM: Module stacking for all \| expand [00/90] LSM: Module stacking for all [01/90] LSM: Infrastructure management of the superblock [02/90] LSM: Infrastructure management of the sock security [03/90] LSM: Infrastructure management of the key security blob [04/90] LSM: Create an lsm_export data structure. [05/90] LSM: Use lsm_export in the inode_getsecid hooks [06/90] LSM: Use lsm_export in the cred_getsecid hooks [07/90] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks [08/90] LSM: Use lsm_export in the kernel_ask_as hooks [09/90] LSM: Use lsm_export in the getpeersec_dgram hooks [10/90] LSM: Use lsm_export in the audit_rule_match hooks [11/90] LSM: Fix logical operation in lsm_export checks [12/90] LSM: Use lsm_export in the secid_to_secctx hooks [13/90] LSM: Use lsm_export in the secctx_to_secid hooks [14/90] LSM: Use lsm_export in security_audit_rule_match [15/90] LSM: Use lsm_export in security_kernel_act_as [16/90] LSM: Use lsm_export in security_socket_getpeersec_dgram [17/90] LSM: Use lsm_export in security_secctx_to_secid [18/90] LSM: Use lsm_export in security_secid_to_secctx [19/90] LSM: Use lsm_export in security_ipc_getsecid [20/90] LSM: Use lsm_export in security_task_getsecid [21/90] LSM: Use lsm_export in security_inode_getsecid [22/90] LSM: Use lsm_export in security_cred_getsecid [23/90] Audit: Change audit_sig_sid to audit_sig_lsm [24/90] Audit: Convert target_sid to an lsm_export structure [25/90] Audit: Convert osid to an lsm_export structure [26/90] IMA: Clean out lsm_export scaffolding [27/90] NET: Change the UNIXCB from a secid to an lsm_export [28/90] NET: Remove scaffolding on secmarks [29/90] NET: Remove scaffolding on new secmarks [30/90] NET: Remove netfilter scaffolding for lsm_export [31/90] Netlabel: Replace secids with lsm_export [32/90] LSM: Remove lsm_export scaffolding functions [33/90] IMA: FIXUP prototype using lsm_export [34/90] Smack: Restore the release_secctx hook [35/90] AppArmor: Remove unnecessary hook stub [36/90] LSM: Limit calls to certain module hooks [37/90] LSM: Create a data structure for a security context [38/90] LSM: Use lsm_context in secid_to_secctx hooks [39/90] LSM: Use lsm_context in secctx_to_secid hooks [40/90] LSM: Use lsm_context in inode_getsecctx hooks [41/90] LSM: Use lsm_context in inode_notifysecctx hooks [42/90] LSM: Use lsm_context in dentry_init_security hooks [43/90] LSM: Use lsm_context in security_dentry_init_security [44/90] LSM: Use lsm_context in security_inode_notifysecctx [45/90] LSM: Use lsm_context in security_inode_getsecctx [46/90] LSM: Use lsm_context in security_secctx_to_secid [47/90] LSM: Use lsm_context in release_secctx hooks [48/90] LSM: Use lsm_context in security_release_secctx [49/90] LSM: Use lsm_context in security_secid_to_secctx [50/90] fs: remove lsm_context scaffolding [51/90] LSM: Add the release function to the lsm_context [52/90] LSM: Use lsm_context in inode_setsecctx hooks [53/90] LSM: Use lsm_context in security_inode_setsecctx [54/90] kernfs: remove lsm_context scaffolding [55/90] LSM: Remove unused macro [56/90] LSM: Special handling for secctx lsm hooks [57/90] SELinux: Use blob offset in current_sid [58/90] LSM: Specify which LSM to display [59/90] AppArmor: Remove the exclusive flag [60/90] LSM: Add secmark_relabel_packet to the set of one call hooks [61/90] LSM: Make getting the secmark right cleaner [62/90] netfilter: Fix memory leak introduced with lsm_context [63/90] Smack: Consolidate secmark conversions [64/90] netfilter: Remove unnecessary NULL check in lsm_context [65/90] LSM: Add secmark refcounting to call_one list [66/90] LSM: refactor security_setprocattr [67/90] Smack: Detect if secmarks can be safely used [68/90] LSM: Support multiple LSMs using inode_init_security [69/90] LSM: Use full security context in security_inode_setsecctx [70/90] LSM: Correct handling of ENOSYS in inode_setxattr [71/90] LSM: Infrastructure security blobs for mount options [72/90] LSM: Fix for security_init_inode_security [73/90] Smack: Advertise the secid to netlabel [74/90] LSM: Change error detection for UDP peer security [75/90] Smack: Fix setting of the CIPSO MLS_CAT flags [76/90] Smack: Set netlabel flags properly on new label import [77/90] Netlabel: Add a secattr comparison API function [78/90] Smack: Let netlabel do the work on the ambient domain [79/90] Smack: Don't set the socket label on each send [80/90] Smack: Let netlabel do the work on connections [81/90] Netlabel: Return the labeling type on socket

Message ID

20190419004617.64627-75-casey@schaufler-ca.com (mailing list archive)

State

New, archived

Headers

From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com
Subject: [PATCH 74/90] LSM: Change error detection for UDP peer security
Date: Thu, 18 Apr 2019 17:46:01 -0700
Message-Id: <20190419004617.64627-75-casey@schaufler-ca.com>
In-Reply-To: <20190419004617.64627-1-casey@schaufler-ca.com>
References: <20190419004617.64627-1-casey@schaufler-ca.com>
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk

Series

LSM: Module stacking for all | expand

Commit Message

Casey Schaufler April 19, 2019, 12:46 a.m. UTC

security_socket_getpeercred_dgram() supplies secids for use
by security_secid_to_secctx(). Sometimes a secid will be invalid.
Move the check for an invalid secid from the LSM specific
socket_getpeercred_dgram hooks into the secid_to_secctx hooks.
This allows for the case where one LSM (Smack) will provide a
secid and another (SELinux) to have an error for the same call.
Regardless of which LSM the caller wants to see the peer security
attributes for the correct result will be provided.

As there is no longer any reason for security_secid_to_secctx()
to return a value make all the secid_to_secctx functions void
instead of int. Add checking for a invalid secid to the Smack
and SELinux secid_to_secctx hooks.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/lsm_hooks.h  |  3 +--
 include/linux/security.h   | 11 +++++------
 net/ipv4/ip_sockglue.c     |  4 +---
 security/security.c        |  7 +++----
 security/selinux/hooks.c   | 13 +++++++------
 security/smack/smack_lsm.c | 17 ++++++++---------
 6 files changed, 25 insertions(+), 30 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 34f98cfe2ffd..0bb064c8b2dd 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -883,7 +883,6 @@ 
  *	@sock is the socket
  *	@skb is the skbuff for the packet being queried
  *	@l is a pointer to a buffer in which to copy the security data
- *	Return 0 on success, error on failure.
  * @sk_alloc_security:
  *	Allocate and attach a security structure to the sk->sk_security field,
  *	which is used to copy security attributes between local stream sockets.
@@ -1699,7 +1698,7 @@  union security_list_options {
 	int (*socket_getpeersec_stream)(struct socket *sock,
 					char __user *optval,
 					int __user *optlen, unsigned len);
-	int (*socket_getpeersec_dgram)(struct socket *sock,
+	void (*socket_getpeersec_dgram)(struct socket *sock,
 					struct sk_buff *skb,
 					struct lsm_export *l);
 	int (*sk_alloc_security)(struct sock *sk, int family, gfp_t priority);
diff --git a/include/linux/security.h b/include/linux/security.h
index 8eb849d71e9d..99f9824ec230 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1288,8 +1288,8 @@  int security_socket_shutdown(struct socket *sock, int how);
 int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 				      int __user *optlen, unsigned len);
-int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
-				     struct lsm_export *l);
+void security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
+				      struct lsm_export *l);
 int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
 void security_sk_free(struct sock *sk);
 void security_sk_clone(const struct sock *sk, struct sock *newsk);
@@ -1427,11 +1427,10 @@  static inline int security_socket_getpeersec_stream(struct socket *sock, char __
 	return -ENOPROTOOPT;
 }
 
-static inline int security_socket_getpeersec_dgram(struct socket *sock,
-						   struct sk_buff *skb,
-						   struct lsm_export *l)
+static inline void security_socket_getpeersec_dgram(struct socket *sock,
+						    struct sk_buff *skb,
+						    struct lsm_export *l)
 {
-	return -ENOPROTOOPT;
 }
 
 static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 56035b53952d..ae69718d87ae 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -134,9 +134,7 @@  static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
 	struct lsm_context lc;
 	int err;
 
-	err = security_socket_getpeersec_dgram(NULL, skb, &le);
-	if (err)
-		return;
+	security_socket_getpeersec_dgram(NULL, skb, &le);
 
 	err = security_secid_to_secctx(&le, &lc);
 	if (err)
diff --git a/security/security.c b/security/security.c
index 1a54e7b1196e..0bbe0dfd3cfc 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2402,12 +2402,11 @@  int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 				optval, optlen, len);
 }
 
-int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
-				     struct lsm_export *l)
+void security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
+				      struct lsm_export *l)
 {
 	lsm_export_init(l);
-	return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, skb,
-			     l);
+	call_void_hook(socket_getpeersec_dgram, sock, skb, l);
 }
 EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 86578f7de131..93c3982d940c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4939,9 +4939,9 @@  static int selinux_socket_getpeersec_stream(struct socket *sock,
 	return err;
 }
 
-static int selinux_socket_getpeersec_dgram(struct socket *sock,
-					   struct sk_buff *skb,
-					   struct lsm_export *l)
+static void selinux_socket_getpeersec_dgram(struct socket *sock,
+					    struct sk_buff *skb,
+					    struct lsm_export *l)
 {
 	u32 peer_secid = SECSID_NULL;
 	u16 family;
@@ -4964,9 +4964,7 @@  static int selinux_socket_getpeersec_dgram(struct socket *sock,
 
 out:
 	selinux_export_secid(l, peer_secid);
-	if (peer_secid == SECSID_NULL)
-		return -EINVAL;
-	return 0;
+	return;
 }
 
 static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
@@ -6313,6 +6311,9 @@  static int selinux_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
 	u32 secid;
 
 	selinux_import_secid(l, &secid);
+	if (secid == SECSID_NULL)
+		return -EINVAL;
+
 	cp->release = selinux_release_secctx;
 	if (l->flags & LSM_EXPORT_LENGTH)
 		return security_sid_to_context(&selinux_state, secid,
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3fd46cd2c4b1..e18245a52e80 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3988,9 +3988,9 @@  static int smack_socket_getpeersec_stream(struct socket *sock,
  *
  * Sets the netlabel socket state on sk from parent
  */
-static int smack_socket_getpeersec_dgram(struct socket *sock,
-					 struct sk_buff *skb,
-					 struct lsm_export *l)
+static void smack_socket_getpeersec_dgram(struct socket *sock,
+					  struct sk_buff *skb,
+					  struct lsm_export *l)
 
 {
 	struct netlbl_lsm_secattr secattr;
@@ -3998,7 +3998,6 @@  static int smack_socket_getpeersec_dgram(struct socket *sock,
 	struct smack_known *skp;
 	int family = PF_UNSPEC;
 	u32 s = 0;	/* 0 is the invalid secid */
-	int rc;
 
 	if (skb != NULL) {
 		if (skb->protocol == htons(ETH_P_IP))
@@ -4028,8 +4027,7 @@  static int smack_socket_getpeersec_dgram(struct socket *sock,
 		if (sock != NULL && sock->sk != NULL)
 			ssp = smack_sock(sock->sk);
 		netlbl_secattr_init(&secattr);
-		rc = netlbl_skbuff_getattr(skb, family, &secattr);
-		if (rc == 0) {
+		if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) {
 			skp = smack_from_secattr(&secattr, ssp);
 			s = skp->smk_secid;
 		}
@@ -4044,9 +4042,7 @@  static int smack_socket_getpeersec_dgram(struct socket *sock,
 		break;
 	}
 	smack_export_secid(l, s);
-	if (s == 0)
-		return -EINVAL;
-	return 0;
+	return;
 }
 
 /**
@@ -4458,6 +4454,9 @@  static int smack_secid_to_secctx(struct lsm_export *l, struct lsm_context *cp)
 	u32 secid;
 
 	smack_import_secid(l, &secid);
+	if (secid == 0)
+		return -EINVAL;
+
 	skp = smack_from_secid(secid);
 
 	cp->context = (l->flags & LSM_EXPORT_LENGTH) ? NULL : skp->smk_known;

[74/90] LSM: Change error detection for UDP peer security

Commit Message

Patch