[35/58] LSM: Limit calls to certain module hooks

Message ID	20190602165101.25079-36-casey@schaufler-ca.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <selinux-owner@kernel.org> From: Casey Schaufler <casey@schaufler-ca.com> To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov Subject: [PATCH 35/58] LSM: Limit calls to certain module hooks Date: Sun, 2 Jun 2019 09:50:38 -0700 Message-Id: <20190602165101.25079-36-casey@schaufler-ca.com> In-Reply-To: <20190602165101.25079-1-casey@schaufler-ca.com> References: <20190602165101.25079-1-casey@schaufler-ca.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: selinux-owner@vger.kernel.org Precedence: bulk
Series	LSM: Module stacking for AppArmor \| expand [00/58] LSM: Module stacking for AppArmor [01/58] LSM: Infrastructure management of the superblock [02/58] LSM: Infrastructure management of the sock security [03/58] LSM: Infrastructure management of the key security blob [04/58] LSM: Create an lsm_export data structure. [05/58] LSM: Use lsm_export in the inode_getsecid hooks [06/58] LSM: Use lsm_export in the cred_getsecid hooks [07/58] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks [08/58] LSM: Use lsm_export in the kernel_ask_as hooks [09/58] LSM: Use lsm_export in the getpeersec_dgram hooks [10/58] LSM: Use lsm_export in the audit_rule_match hooks [11/58] LSM: Use lsm_export in the secid_to_secctx hooks [12/58] LSM: Use lsm_export in the secctx_to_secid hooks [13/58] LSM: Use lsm_export in security_audit_rule_match [14/58] LSM: Use lsm_export in security_kernel_act_as [15/58] LSM: Use lsm_export in security_socket_getpeersec_dgram [16/58] LSM: Use lsm_export in security_secctx_to_secid [17/58] LSM: Use lsm_export in security_secid_to_secctx [18/58] LSM: Use lsm_export in security_ipc_getsecid [19/58] LSM: Use lsm_export in security_task_getsecid [20/58] LSM: Use lsm_export in security_inode_getsecid [21/58] LSM: Use lsm_export in security_cred_getsecid [22/58] Audit: Change audit_sig_sid to audit_sig_lsm [23/58] Audit: Convert target_sid to an lsm_export structure [24/58] Audit: Convert osid to an lsm_export structure [25/58] IMA: Clean out lsm_export scaffolding [26/58] NET: Change the UNIXCB from a secid to an lsm_export [27/58] NET: Remove scaffolding on secmarks [28/58] NET: Remove scaffolding on new secmarks [29/58] NET: Remove netfilter scaffolding for lsm_export [30/58] Netlabel: Replace secids with lsm_export [31/58] LSM: Remove lsm_export scaffolding functions [32/58] IMA: FIXUP prototype using lsm_export [33/58] Smack: Restore the release_secctx hook [34/58] AppArmor: Remove unnecessary hook stub [35/58] LSM: Limit calls to certain module hooks [36/58] LSM: Create a data structure for a security context [37/58] LSM: Use lsm_context in secid_to_secctx hooks [38/58] LSM: Use lsm_context in secctx_to_secid hooks [39/58] LSM: Use lsm_context in inode_getsecctx hooks [40/58] LSM: Use lsm_context in inode_notifysecctx hooks [41/58] LSM: Use lsm_context in dentry_init_security hooks [42/58] LSM: Use lsm_context in security_dentry_init_security [43/58] LSM: Use lsm_context in security_inode_notifysecctx [44/58] LSM: Use lsm_context in security_inode_getsecctx [45/58] LSM: Use lsm_context in security_secctx_to_secid [46/58] LSM: Use lsm_context in release_secctx hooks [47/58] LSM: Use lsm_context in security_release_secctx [48/58] LSM: Use lsm_context in security_secid_to_secctx [49/58] fs: remove lsm_context scaffolding [50/58] LSM: Add the release function to the lsm_context [51/58] LSM: Use lsm_context in inode_setsecctx hooks [52/58] LSM: Use lsm_context in security_inode_setsecctx [53/58] kernfs: remove lsm_context scaffolding [54/58] LSM: Remove unused macro [55/58] LSM: Special handling for secctx lsm hooks [56/58] SELinux: Use blob offset in current_sid [57/58] LSM: Specify which LSM to display [58/58] AppArmor: Remove the exclusive flag

Message ID

20190602165101.25079-36-casey@schaufler-ca.com (mailing list archive)

State

Superseded

Headers

From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org,
        john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
        paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH 35/58] LSM: Limit calls to certain module hooks
Date: Sun,  2 Jun 2019 09:50:38 -0700
Message-Id: <20190602165101.25079-36-casey@schaufler-ca.com>
In-Reply-To: <20190602165101.25079-1-casey@schaufler-ca.com>
References: <20190602165101.25079-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: selinux-owner@vger.kernel.org
Precedence: bulk

Series

LSM: Module stacking for AppArmor | expand

Commit Message

Casey Schaufler June 2, 2019, 4:50 p.m. UTC

LSM hooks dealing with security context strings should
only be called for one security module. Add call macros
that invoke a single module hook and us in for those cases.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/security.c | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

Comments

Ondrej Mosnacek June 10, 2019, 10:20 a.m. UTC | #1

Hi Casey,

On Sun, Jun 2, 2019 at 6:53 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
> LSM hooks dealing with security context strings should
> only be called for one security module. Add call macros
> that invoke a single module hook and us in for those cases.
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
>  security/security.c | 32 ++++++++++++++++++++++++++++----
>  1 file changed, 28 insertions(+), 4 deletions(-)
>
> diff --git a/security/security.c b/security/security.c
> index 69983ad68233..365970f2501d 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -698,6 +698,16 @@ int lsm_superblock_alloc(struct super_block *sb)
>                         P->hook.FUNC(__VA_ARGS__);              \
>         } while (0)
>
> +#define call_one_void_hook(FUNC, ...)                          \
> +       do {                                                    \
> +               struct security_hook_list *P;                   \
> +                                                               \
> +               hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \
> +                       P->hook.FUNC(__VA_ARGS__);              \
> +                       break;                                  \
> +               }                                               \
> +       } while (0)
> +
>  #define call_int_hook(FUNC, IRC, ...) ({                       \
>         int RC = IRC;                                           \
>         do {                                                    \
> @@ -712,6 +722,19 @@ int lsm_superblock_alloc(struct super_block *sb)
>         RC;                                                     \
>  })
>
> +#define call_one_int_hook(FUNC, IRC, ...) ({                   \
> +       int RC = IRC;                                           \
> +       do {                                                    \
> +               struct security_hook_list *P;                   \
> +                                                               \
> +               hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \
> +                       RC = P->hook.FUNC(__VA_ARGS__);         \
> +                       break;                                  \
> +               }                                               \
> +       } while (0);                                            \
> +       RC;                                                     \
> +})
> +
>  /* Security operations */
>
>  int security_binder_set_context_mgr(struct task_struct *mgr)
> @@ -1951,7 +1974,8 @@ EXPORT_SYMBOL(security_ismaclabel);
>
>  int security_secid_to_secctx(struct lsm_export *l, char **secdata, u32 *seclen)
>  {
> -       return call_int_hook(secid_to_secctx, -EOPNOTSUPP, l, secdata, seclen);
> +       return call_one_int_hook(secid_to_secctx, -EOPNOTSUPP, l, secdata,
> +                                seclen);
>  }
>  EXPORT_SYMBOL(security_secid_to_secctx);
>
> @@ -1959,13 +1983,13 @@ int security_secctx_to_secid(const char *secdata, u32 seclen,
>                              struct lsm_export *l)
>  {
>         lsm_export_init(l);
> -       return call_int_hook(secctx_to_secid, 0, secdata, seclen, l);
> +       return call_one_int_hook(secctx_to_secid, 0, secdata, seclen, l);
>  }
>  EXPORT_SYMBOL(security_secctx_to_secid);
>
>  void security_release_secctx(char *secdata, u32 seclen)
>  {
> -       call_void_hook(release_secctx, secdata, seclen);
> +       call_one_void_hook(release_secctx, secdata, seclen);
>  }
>  EXPORT_SYMBOL(security_release_secctx);
>
> @@ -2090,7 +2114,7 @@ EXPORT_SYMBOL(security_sock_rcv_skb);
>  int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
>                                       int __user *optlen, unsigned len)
>  {
> -       return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock,
> +       return call_one_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock,
>                                 optval, optlen, len);
>  }
>
> --
> 2.19.1
>

Shouldn't dentry_init_security() use call_one_int_hook() as well? It
also returns a context string.

Thanks,

diff --git a/security/security.c b/security/security.c
index 69983ad68233..365970f2501d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -698,6 +698,16 @@  int lsm_superblock_alloc(struct super_block *sb)
 			P->hook.FUNC(__VA_ARGS__);		\
 	} while (0)
 
+#define call_one_void_hook(FUNC, ...)				\
+	do {							\
+		struct security_hook_list *P;			\
+								\
+		hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \
+			P->hook.FUNC(__VA_ARGS__);		\
+			break;					\
+		}						\
+	} while (0)
+
 #define call_int_hook(FUNC, IRC, ...) ({			\
 	int RC = IRC;						\
 	do {							\
@@ -712,6 +722,19 @@  int lsm_superblock_alloc(struct super_block *sb)
 	RC;							\
 })
 
+#define call_one_int_hook(FUNC, IRC, ...) ({			\
+	int RC = IRC;						\
+	do {							\
+		struct security_hook_list *P;			\
+								\
+		hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \
+			RC = P->hook.FUNC(__VA_ARGS__);		\
+			break;					\
+		}						\
+	} while (0);						\
+	RC;							\
+})
+
 /* Security operations */
 
 int security_binder_set_context_mgr(struct task_struct *mgr)
@@ -1951,7 +1974,8 @@  EXPORT_SYMBOL(security_ismaclabel);
 
 int security_secid_to_secctx(struct lsm_export *l, char **secdata, u32 *seclen)
 {
-	return call_int_hook(secid_to_secctx, -EOPNOTSUPP, l, secdata, seclen);
+	return call_one_int_hook(secid_to_secctx, -EOPNOTSUPP, l, secdata,
+				 seclen);
 }
 EXPORT_SYMBOL(security_secid_to_secctx);
 
@@ -1959,13 +1983,13 @@  int security_secctx_to_secid(const char *secdata, u32 seclen,
 			     struct lsm_export *l)
 {
 	lsm_export_init(l);
-	return call_int_hook(secctx_to_secid, 0, secdata, seclen, l);
+	return call_one_int_hook(secctx_to_secid, 0, secdata, seclen, l);
 }
 EXPORT_SYMBOL(security_secctx_to_secid);
 
 void security_release_secctx(char *secdata, u32 seclen)
 {
-	call_void_hook(release_secctx, secdata, seclen);
+	call_one_void_hook(release_secctx, secdata, seclen);
 }
 EXPORT_SYMBOL(security_release_secctx);
 
@@ -2090,7 +2114,7 @@  EXPORT_SYMBOL(security_sock_rcv_skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 				      int __user *optlen, unsigned len)
 {
-	return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock,
+	return call_one_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock,
 				optval, optlen, len);
 }

[35/58] LSM: Limit calls to certain module hooks

Commit Message

Comments

Patch