From patchwork Mon Jul 11 19:29:56 2016
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 9224003
Subject: [PATCH RFC 02/10] SELinux: Abstract the cred security blob
To: LSM, James Morris
Cc: John Johansen, Tetsuo Handa, Paul Moore, Stephen Smalley
From: Casey Schaufler
Date: Mon, 11 Jul 2016 12:29:56 -0700

Abstract reading the credential security blob.
Remove abstraction when writing the credential security blob.
There is no change in the behavior of the code.

Signed-off-by: Casey Schaufler

---
 security/selinux/hooks.c          | 63 ++++++++++++++++++++-------------------
 security/selinux/include/objsec.h |  9 ++++++
 security/selinux/selinuxfs.c      |  3 +-
 security/selinux/xfrm.c           |  4 +--
 4 files changed, 46 insertions(+), 33 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 6397721..cbadbab 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -177,13 +177,16 @@ static void cred_init_security(void) { struct cred *cred = (struct cred *) current->real_cred; struct task_security_struct *tsec; + void *b; + int size; - tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); - if (!tsec) + size = sizeof(struct task_security_struct); + b = kzalloc(size, GFP_KERNEL); + if (!b) panic("SELinux: Failed to initialize initial task.\n"); - + cred->security = b; + tsec = selinux_cred(cred); tsec->osid = tsec->sid = SECINITSID_KERNEL; - cred->security = tsec; } /* @@ -193,7 +196,7 @@ static inline u32 cred_sid(const struct cred *cred) { const struct task_security_struct *tsec; - tsec = cred->security; + tsec = selinux_cred(cred); return tsec->sid; }
@@ -215,7 +218,7 @@ static inline u32 task_sid(const struct task_struct *task) */ static inline u32 current_sid(void) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); return tsec->sid; } @@ -450,7 +453,7 @@ static int may_context_mount_sb_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, @@ -467,7 +470,7 @@ static int may_context_mount_inode_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, NULL); @@ -1604,8 +1607,8 @@ static int task_has_perm(const struct task_struct *tsk1, u32 sid1, sid2; rcu_read_lock(); - __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; - __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; + __tsec1 = selinux_cred(__task_cred(tsk1)); sid1 = __tsec1->sid; + __tsec2 = selinux_cred(__task_cred(tsk2)); sid2 = __tsec2->sid; rcu_read_unlock(); return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL); } @@ -1791,7 +1794,7 @@ static int selinux_determine_inode_label(struct inode *dir, u32 *_new_isid) { const struct superblock_security_struct *sbsec = dir->i_sb->s_security; - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); if ((sbsec->flags & SE_SBINITIALIZED) && (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) { 
@@ -1813,7 +1816,7 @@ static int may_create(struct inode *dir, struct dentry *dentry, u16 tclass) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *dsec; struct superblock_security_struct *sbsec; u32 sid, newsid; @@ -2303,8 +2306,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) if (bprm->cred_prepared) return 0; - old_tsec = current_security(); - new_tsec = bprm->cred->security; + old_tsec = selinux_cred(current_cred()); + new_tsec = selinux_cred(bprm->cred); isec = inode_security(inode); /* Default to the current task SID. */ @@ -2394,7 +2397,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) static int selinux_bprm_secureexec(struct linux_binprm *bprm) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); u32 sid, osid; int atsecure = 0; @@ -2476,7 +2479,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) struct rlimit *rlim, *initrlim; int rc, i; - new_tsec = bprm->cred->security; + new_tsec = selinux_cred(bprm->cred); if (new_tsec->sid == new_tsec->osid) return; @@ -2517,7 +2520,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) */ static void selinux_bprm_committed_creds(struct linux_binprm *bprm) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct itimerval itimer; u32 osid, sid; int rc, i; @@ -2829,7 +2832,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, const char **name, void **value, size_t *len) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct superblock_security_struct *sbsec; u32 sid, newsid, clen; int rc; 
@@ -3639,7 +3642,7 @@ static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) */ static void selinux_cred_free(struct cred *cred) { - struct task_security_struct *tsec = cred->security; + struct task_security_struct *tsec = selinux_cred(cred); /* * cred->security == NULL if security_cred_alloc_blank() or @@ -3659,7 +3662,7 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, const struct task_security_struct *old_tsec; struct task_security_struct *tsec; - old_tsec = old->security; + old_tsec = selinux_cred(old); tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); if (!tsec) @@ -3674,8 +3677,8 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, */ static void selinux_cred_transfer(struct cred *new, const struct cred *old) { - const struct task_security_struct *old_tsec = old->security; - struct task_security_struct *tsec = new->security; + const struct task_security_struct *old_tsec = selinux_cred(old); + struct task_security_struct *tsec = selinux_cred(new); *tsec = *old_tsec; } @@ -3686,7 +3689,7 @@ static void selinux_cred_transfer(struct cred *new, const struct cred *old) */ static int selinux_kernel_act_as(struct cred *new, u32 secid) { - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; @@ -3710,7 +3713,7 @@ static int selinux_kernel_act_as(struct cred *new, u32 secid) static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) { struct inode_security_struct *isec = inode_security(inode); - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; 
@@ -4176,7 +4179,7 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms) static int selinux_socket_create(int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); u32 newsid; u16 secclass; int rc; @@ -4195,7 +4198,7 @@ static int selinux_socket_create(int family, int type, static int selinux_socket_post_create(struct socket *sock, int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); struct sk_security_struct *sksec; int err = 0; @@ -4803,7 +4806,7 @@ static int selinux_secmark_relabel_packet(u32 sid) const struct task_security_struct *__tsec; u32 tsid; - __tsec = current_security(); + __tsec = selinux_cred(current_cred()); tsid = __tsec->sid; return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL); @@ -5707,7 +5710,7 @@ static int selinux_getprocattr(struct task_struct *p, } rcu_read_lock(); - __tsec = __task_cred(p)->security; + __tsec = selinux_cred(__task_cred(p)); if (!strcmp(name, "current")) sid = __tsec->sid; @@ -5831,7 +5834,7 @@ static int selinux_setprocattr(struct task_struct *p, operation. See selinux_bprm_set_creds for the execve checks and may_create for the file creation checks. The operation will then fail if the context is not permitted. */ - tsec = new->security; + tsec = selinux_cred(new); if (!strcmp(name, "exec")) { tsec->exec_sid = sid; } else if (!strcmp(name, "fscreate")) { @@ -5953,7 +5956,7 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred, if (!ksec) return -ENOMEM; - tsec = cred->security; + tsec = selinux_cred(cred); if (tsec->keycreate_sid) ksec->sid = tsec->keycreate_sid; else 
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index c21e135..8556776 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -24,6 +24,9 @@ #include #include #include +#include +#include +#include #include #include "flask.h" #include "avc.h" @@ -129,5 +132,11 @@ struct key_security_struct { }; extern unsigned int selinux_checkreqprot; +extern struct lsm_blob_sizes selinux_blob_sizes; + +static inline struct task_security_struct *selinux_cred(const struct cred *cred) +{ + return cred->security; +} #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 1b1fd27..2c47914 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -30,6 +30,7 @@ #include #include #include +#include /* selinuxfs pseudo filesystem for exporting the security policy API. Based on the proc code and the fs/nfsd/nfsctl.c code. */ @@ -85,7 +86,7 @@ static int task_has_security(struct task_struct *tsk, u32 sid = 0; rcu_read_lock(); - tsec = __task_cred(tsk)->security; + tsec = selinux_cred(__task_cred(tsk)); if (tsec) sid = tsec->sid; rcu_read_unlock(); diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 56e354f..789d07b 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -79,7 +79,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp, gfp_t gfp) { int rc; - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct xfrm_sec_ctx *ctx = NULL; u32 str_len; @@ -136,7 +136,7 @@ static void selinux_xfrm_free(struct xfrm_sec_ctx *ctx) */ static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); if (!ctx) return 0;
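Review bot: In the cred_init_security() hunk of security/selinux/hooks.c, `size` is declared `int` but is assigned `sizeof(struct task_security_struct)`, which is a `size_t`, and is then passed to kzalloc(). Declare it `size_t`, or pass the sizeof expression directly to kzalloc() until the size really comes from somewhere else. The same hunk moves `cred->security = b;` ahead of the `tsec->osid = tsec->sid = SECINITSID_KERNEL;` assignment, so the blob is attached to the cred before its fields are set. That ordering is what lets `selinux_cred(cred)` be used here, and a one-line comment saying so would help anyone checking the "no change in the behavior" statement in the commit message.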
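Review bot: In the selinux_cred_free() hunk of security/selinux/hooks.c, `tsec` is now obtained with `selinux_cred(cred)` while the comment immediately below still reasons about `cred->security == NULL`. The two agree only as long as selinux_cred() returns `cred->security` unmodified, which is what this patch's accessor does. Because the commit message keeps the write side on the raw pointer, consider leaving the free path on `cred->security` too, or reword the comment so it refers to the value the accessor returns.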
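Review bot: The security/selinux/include/objsec.h hunk adds `extern struct lsm_blob_sizes selinux_blob_sizes;` but none of the visible hunks define or reference that symbol, so the declaration would sit better in the patch that first uses it. The new selinux_cred() also accepts a `const struct cred *` and returns a non-const `struct task_security_struct *`, which hands a writable blob pointer to callers that only hold a read-only cred. Most call sites in this patch assign the result to a `const struct task_security_struct *`, so a const-returning variant for readers is worth considering. The accessor has no comment. A short one stating what it returns, including the NULL case, would document the contract that callers in this patch rely on.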
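Review bot: In the task_has_security() hunk of security/selinux/selinuxfs.c, the `if (tsec)` guard now tests the return value of `selinux_cred(__task_cred(tsk))` instead of the raw `->security` pointer. The two are equivalent in this patch because the accessor returns the pointer unchanged, but the guard would stop detecting a cred without a blob if selinux_cred() ever returned anything other than `cred->security` itself. Either document in objsec.h that selinux_cred() returns NULL when the cred has no blob, or test `__task_cred(tsk)->security` here and call the accessor only after that check passes.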