[04/58] LSM: Create an lsm_export data structure.
diff mbox series

Message ID 20190531231020.628-5-casey@schaufler-ca.com
State Superseded
Headers show
Series
  • LSM: Module stacking for AppArmor
Related show

Commit Message

Casey Schaufler May 31, 2019, 11:09 p.m. UTC
When more than one security module is exporting data to
audit and networking sub-systems a single 32 bit integer
is no longer sufficient to represent the data. Add a
structure to be used instead.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/security.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

Comments

Kees Cook June 1, 2019, 3:23 p.m. UTC | #1
On Fri, May 31, 2019 at 04:09:26PM -0700, Casey Schaufler wrote:
> When more than one security module is exporting data to
> audit and networking sub-systems a single 32 bit integer
> is no longer sufficient to represent the data. Add a
> structure to be used instead.
> 
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

Reviewed-by: Kees Cook <keescook@chromium.org>

Thoughts below...

> ---
>  include/linux/security.h | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 49f2685324b0..81f9f79f9a1e 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -76,6 +76,18 @@ enum lsm_event {
>  	LSM_POLICY_CHANGE,
>  };
>  
> +/* Data exported by the security modules */
> +struct lsm_export {
> +	u32	selinux;
> +	u32	smack;
> +	u32	apparmor;
> +	u32	flags;
> +};

I think it might make more logical sent to leave flags at the start.
While I don't expect to add more fields, I find it surprising that
it is at the end. :)

-Kees

> +#define LSM_EXPORT_NONE		0x00
> +#define LSM_EXPORT_SELINUX	0x01
> +#define LSM_EXPORT_SMACK	0x02
> +#define LSM_EXPORT_APPARMOR	0x04
> +
>  /* These functions are in security/commoncap.c */
>  extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
>  		       int cap, unsigned int opts);
> -- 
> 2.19.1
>
Casey Schaufler June 3, 2019, 8:07 p.m. UTC | #2
On 6/1/2019 8:23 AM, Kees Cook wrote:
> On Fri, May 31, 2019 at 04:09:26PM -0700, Casey Schaufler wrote:
>> When more than one security module is exporting data to
>> audit and networking sub-systems a single 32 bit integer
>> is no longer sufficient to represent the data. Add a
>> structure to be used instead.
>>
>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> Reviewed-by: Kees Cook <keescook@chromium.org>
>
> Thoughts below...
>
>> ---
>>  include/linux/security.h | 12 ++++++++++++
>>  1 file changed, 12 insertions(+)
>>
>> diff --git a/include/linux/security.h b/include/linux/security.h
>> index 49f2685324b0..81f9f79f9a1e 100644
>> --- a/include/linux/security.h
>> +++ b/include/linux/security.h
>> @@ -76,6 +76,18 @@ enum lsm_event {
>>  	LSM_POLICY_CHANGE,
>>  };
>>  
>> +/* Data exported by the security modules */
>> +struct lsm_export {
>> +	u32	selinux;
>> +	u32	smack;
>> +	u32	apparmor;
>> +	u32	flags;
>> +};
> I think it might make more logical sent to leave flags at the start.
> While I don't expect to add more fields, I find it surprising that
> it is at the end. :)

Data structure randomization notwithstanding, it
doesn't matter to me, so I'll put the flags first.
This came about because I initially didn't think I'd
need flags, and they were add to the end when I determined
I did.

>
> -Kees
>
>> +#define LSM_EXPORT_NONE		0x00
>> +#define LSM_EXPORT_SELINUX	0x01
>> +#define LSM_EXPORT_SMACK	0x02
>> +#define LSM_EXPORT_APPARMOR	0x04
>> +
>>  /* These functions are in security/commoncap.c */
>>  extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
>>  		       int cap, unsigned int opts);
>> -- 
>> 2.19.1
>>

Patch
diff mbox series

diff --git a/include/linux/security.h b/include/linux/security.h
index 49f2685324b0..81f9f79f9a1e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -76,6 +76,18 @@  enum lsm_event {
 	LSM_POLICY_CHANGE,
 };
 
+/* Data exported by the security modules */
+struct lsm_export {
+	u32	selinux;
+	u32	smack;
+	u32	apparmor;
+	u32	flags;
+};
+#define LSM_EXPORT_NONE		0x00
+#define LSM_EXPORT_SELINUX	0x01
+#define LSM_EXPORT_SMACK	0x02
+#define LSM_EXPORT_APPARMOR	0x04
+
 /* These functions are in security/commoncap.c */
 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
 		       int cap, unsigned int opts);