[2/2] Add LSM hooks for mq_timedsend and mq_timedreceive

Message ID 309c3eb6dac783590b66e39e66d7f85f1ba66a20.1468394884.git.laurent.georget@supelec.fr
State New

Commit Message

Laurent Georget July 13, 2016, 7:32 a.m. UTC
Signed-off-by: Laurent Georget <laurent.georget@supelec.fr>

---
 include/linux/security.h | 16 ++++++++++++++++
 ipc/mqueue.c             |  9 +++++++++
 2 files changed, 25 insertions(+)

Comments

Stephen Smalley July 21, 2016, 1:36 p.m. UTC | #1
On 07/13/2016 03:32 AM, Laurent Georget wrote:
> Signed-off-by: Laurent Georget <laurent.georget@supelec.fr>
> 
> ---
>  include/linux/security.h | 16 ++++++++++++++++
>  ipc/mqueue.c             |  9 +++++++++
>  2 files changed, 25 insertions(+)
> 
> diff --git a/include/linux/security.h b/include/linux/security.h
> index c3e2109..8f4d5c5 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -338,6 +338,10 @@ int security_msg_queue_msgsnd(struct msg_queue *msq,
>  			      struct msg_msg *msg, int msqflg);
>  int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
>  			      struct task_struct *target, long type, int mode);
> +int security_mq_timedsend(struct file *mq, size_t msg_len,
> +		          unsigned long msg_prio, struct timespec *ts);
> +int security_mq_timedreceive(struct file *mq, size_t msg_len,
> +		             struct timespec *ts);
>  int security_shm_alloc(struct shmid_kernel *shp);
>  void security_shm_free(struct shmid_kernel *shp);
>  int security_shm_associate(struct shmid_kernel *shp, int shmflg);
> @@ -1018,6 +1022,18 @@ static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
>  	return 0;
>  }
>  
> +static inline int security_mq_timedsend(struct file *mq, size_t msg_len,
> +					unsigned long msg_prio,
> +					struct timespec *ts)
> +{
> +	return 0;
> +}
> +static inline int security_mq_timedreceive(struct file *mq, size_t msg_len,
> +					   struct timespec *ts)
> +{
> +	return 0;
> +}
> +

Similarly, you need more than this in the CONFIG_SECURITY=y case if
defining new hooks.

>  static inline int security_shm_alloc(struct shmid_kernel *shp)
>  {
>  	return 0;
> diff --git a/ipc/mqueue.c b/ipc/mqueue.c
> index ade739f..da8ec3a 100644
> --- a/ipc/mqueue.c
> +++ b/ipc/mqueue.c
> @@ -1002,6 +1002,11 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr,
>  		goto out_fput;
>  	}
>  
> +	ret = security_mq_timedsend(f.file, msg_len, msg_prio,
> +			timeout ? &ts : NULL);
> +	if (ret)
> +		goto out_fput;
> +
>  	if (unlikely(msg_len > info->attr.mq_msgsize)) {
>  		ret = -EMSGSIZE;
>  		goto out_fput;
> @@ -1118,6 +1123,10 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr,
>  		goto out_fput;
>  	}
>  
> +	ret = security_mq_timedreceive(f.file, msg_len, timeout ? &ts : NULL);
> +	if (ret)
> +		goto out_fput;
> +
>  	/* checks if buffer is big enough */
>  	if (unlikely(msg_len < info->attr.mq_msgsize)) {
>  		ret = -EMSGSIZE;
> 

Stephen Smalley July 21, 2016, 1:59 p.m. UTC | #2
On 07/21/2016 09:36 AM, Stephen Smalley wrote:
> On 07/13/2016 03:32 AM, Laurent Georget wrote:
>> Signed-off-by: Laurent Georget <laurent.georget@supelec.fr>
>>
>> ---
>>  include/linux/security.h | 16 ++++++++++++++++
>>  ipc/mqueue.c             |  9 +++++++++
>>  2 files changed, 25 insertions(+)
>>
>> diff --git a/include/linux/security.h b/include/linux/security.h
>> index c3e2109..8f4d5c5 100644
>> --- a/include/linux/security.h
>> +++ b/include/linux/security.h
>> @@ -338,6 +338,10 @@ int security_msg_queue_msgsnd(struct msg_queue *msq,
>>  			      struct msg_msg *msg, int msqflg);
>>  int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
>>  			      struct task_struct *target, long type, int mode);
>> +int security_mq_timedsend(struct file *mq, size_t msg_len,
>> +		          unsigned long msg_prio, struct timespec *ts);
>> +int security_mq_timedreceive(struct file *mq, size_t msg_len,
>> +		             struct timespec *ts);
>>  int security_shm_alloc(struct shmid_kernel *shp);
>>  void security_shm_free(struct shmid_kernel *shp);
>>  int security_shm_associate(struct shmid_kernel *shp, int shmflg);
>> @@ -1018,6 +1022,18 @@ static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
>>  	return 0;
>>  }
>>  
>> +static inline int security_mq_timedsend(struct file *mq, size_t msg_len,
>> +					unsigned long msg_prio,
>> +					struct timespec *ts)
>> +{
>> +	return 0;
>> +}
>> +static inline int security_mq_timedreceive(struct file *mq, size_t msg_len,
>> +					   struct timespec *ts)
>> +{
>> +	return 0;
>> +}
>> +
> 
> Similarly, you need more than this in the CONFIG_SECURITY=y case if
> defining new hooks.
> 
>>  static inline int security_shm_alloc(struct shmid_kernel *shp)
>>  {
>>  	return 0;
>> diff --git a/ipc/mqueue.c b/ipc/mqueue.c
>> index ade739f..da8ec3a 100644
>> --- a/ipc/mqueue.c
>> +++ b/ipc/mqueue.c
>> @@ -1002,6 +1002,11 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr,
>>  		goto out_fput;
>>  	}
>>  
>> +	ret = security_mq_timedsend(f.file, msg_len, msg_prio,
>> +			timeout ? &ts : NULL);

I see no potential use of the msg_len, msg_prio, or ts arguments, so
just drop those.  At that point, is this hook any different than
security_file_permission(f.file, MAY_WRITE)?


>> +	if (ret)
>> +		goto out_fput;
>> +
>>  	if (unlikely(msg_len > info->attr.mq_msgsize)) {
>>  		ret = -EMSGSIZE;
>>  		goto out_fput;
>> @@ -1118,6 +1123,10 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr,
>>  		goto out_fput;
>>  	}
>>  
>> +	ret = security_mq_timedreceive(f.file, msg_len, timeout ? &ts : NULL);
>> +	if (ret)
>> +		goto out_fput;

Likewise, could this be as simple as security_file_permission(f.file,
MAY_READ)?

>> +
>>  	/* checks if buffer is big enough */
>>  	if (unlikely(msg_len < info->attr.mq_msgsize)) {
>>  		ret = -EMSGSIZE;
>>
> 


Patch

diff --git a/include/linux/security.h b/include/linux/security.h
index c3e2109..8f4d5c5 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -338,6 +338,10 @@  int security_msg_queue_msgsnd(struct msg_queue *msq,
 			      struct msg_msg *msg, int msqflg);
 int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 			      struct task_struct *target, long type, int mode);
+int security_mq_timedsend(struct file *mq, size_t msg_len,
+		          unsigned long msg_prio, struct timespec *ts);
+int security_mq_timedreceive(struct file *mq, size_t msg_len,
+		             struct timespec *ts);
 int security_shm_alloc(struct shmid_kernel *shp);
 void security_shm_free(struct shmid_kernel *shp);
 int security_shm_associate(struct shmid_kernel *shp, int shmflg);
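Review bot: Both new prototypes take `struct timespec *ts` as a non-const pointer, so a security module could write through it. Judging by the call sites later in this patch, the pointer refers to the syscall's own `ts` variable, although its declaration is outside the hunks. Unless a hook is meant to adjust the timeout, declare it `const struct timespec *ts` here and in the two `static inline` stubs in the next hunk of this file. As a style point, the continuation lines are indented with two tabs and ten or more spaces, where a third tab plus the remaining spaces would give the same alignment and match the neighbouring prototypes.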
@@ -1018,6 +1022,18 @@  static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
 	return 0;
 }
 
+static inline int security_mq_timedsend(struct file *mq, size_t msg_len,
+					unsigned long msg_prio,
+					struct timespec *ts)
+{
+	return 0;
+}
+static inline int security_mq_timedreceive(struct file *mq, size_t msg_len,
+					   struct timespec *ts)
+{
+	return 0;
+}
+
 static inline int security_shm_alloc(struct shmid_kernel *shp)
 {
 	return 0;
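Review bot: The two new stubs are not separated by a blank line: the closing brace of `security_mq_timedsend` is followed directly by the `static inline int security_mq_timedreceive(` line. The stubs around them in this hunk are each separated by one blank line. Adding it keeps the stub block uniform.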
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index ade739f..da8ec3a 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -1002,6 +1002,11 @@  SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr,
 		goto out_fput;
 	}
 
+	ret = security_mq_timedsend(f.file, msg_len, msg_prio,
+			timeout ? &ts : NULL);
+	if (ret)
+		goto out_fput;
+
 	if (unlikely(msg_len > info->attr.mq_msgsize)) {
 		ret = -EMSGSIZE;
 		goto out_fput;
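Review bot: `if (ret) goto out_fput;` forwards any non-zero hook result as the syscall's return value, yet the patch nowhere states the hook contract: 0 to allow, a negative errno to deny. A short comment above the call would record it, e.g. `/* LSM check: 0 allows the send, a negative errno is returned to the caller */`. It is also worth stating that `ts` is NULL when no timeout was given and otherwise appears to point at a local of the syscall, so a hook must not keep the pointer. The same applies to the `security_mq_timedreceive` call in the next hunk. The enclosing syscall body starts and ends outside this hunk.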
@@ -1118,6 +1123,10 @@  SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr,
 		goto out_fput;
 	}
 
+	ret = security_mq_timedreceive(f.file, msg_len, timeout ? &ts : NULL);
+	if (ret)
+		goto out_fput;
+
 	/* checks if buffer is big enough */
 	if (unlikely(msg_len < info->attr.mq_msgsize)) {
 		ret = -EMSGSIZE;
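Review bot: The receive hook is called with only the queue's file, the buffer length and the timeout, and it sits before the buffer-size check, so it presumably runs before any message has been selected from the queue (the dequeue itself is outside the hunk). A security module therefore cannot base its decision on the message being delivered, unlike `security_msg_queue_msgrcv`, whose prototype in security.h receives the `struct msg_msg *` and the target task. If queue-level mediation is the intent, say so in the hook description, e.g. `/* mediates access to the queue only; the message is not yet known here */`.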