From patchwork Mon Jun 12 16:56:55 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Salvatore Mesoraca X-Patchwork-Id: 9782345 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 4B11660244 for ; Mon, 12 Jun 2017 17:00:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3190B2847B for ; Mon, 12 Jun 2017 17:00:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 267262849E; Mon, 12 Jun 2017 17:00:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.8 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, GAPPY_SUBJECT, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A3A6328435 for ; Mon, 12 Jun 2017 17:00:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752018AbdFLQ75 (ORCPT ); Mon, 12 Jun 2017 12:59:57 -0400 Received: from mail-wr0-f194.google.com ([209.85.128.194]:35069 "EHLO mail-wr0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754275AbdFLQ6W (ORCPT ); Mon, 12 Jun 2017 12:58:22 -0400 Received: by mail-wr0-f194.google.com with SMTP id g76so23306225wrd.2; Mon, 12 Jun 2017 09:58:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0KOhyyXv/8+A0KXouKbAWQfWvk3RgIBVoBgd+NHqhiE=; b=qVb+7LyJQTxDgVICvE1N8phj1+kc/MvBHKrtTshb9gNe9tTpYeilmJiG1CXQcWUbuJ kNz5GamaWWEXKtx2GYw3G5LnmtB6KfCxgXWdYaU/FnQ4iRbYmFa1rekgVjjWbm/4l4mB qfg9HFQsZWibbiLGP1jX2y9Vd1Va5S96wNZaqgrv6zaRsl5S+32mmszwt+9/c2NK+bzn 1ffXQFKHPVKgjHodDeyNWInmTBei6Oa9Fr8wVxgOWzFpgHZG+u/wn6LM02L3MzBJxTpx gOQJG7Dm3HuSioOJWOHQn0oVDjl+sIHJaI5GsRDDHr4DU1zcipXWNA7/ZaHTNwGSeSPX jf9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0KOhyyXv/8+A0KXouKbAWQfWvk3RgIBVoBgd+NHqhiE=; b=MqGXjONkcn69xsAU/WbZhTkY9skU92wWsBbCEEqjCSErYX7gfuI0Zk7Bj5sK7VZWZc gO+lDrkdUQYkqIixzU+BEfEaZRdqnGY/YmS5Su7jp6+1pwkI6uSqta+GQlgobX+NViD5 pDIODPqphH9QHdcwz1A6SOygiS7G0vgX46sC8PJs+zNTPNmCL87SaLTmYNnLKorwBoaQ pNf+aFHTSy58MuVgQ04Z8+eFZ7eOuIKpzg6OI0wA15JQeiA9+d8hFef9AuWeAIJgSpN1 Z53Hpo9yjS9xWYIKHoL0qAXvhWT/OuvepEzOIBCSxZh7FISXJ5pFoYQ6TIi1+C6wxBn5 9qNQ== X-Gm-Message-State: AKS2vOxNSaigfHygtMiHgXGjEaoLtzz9WMtJYNICKwRxghJbOSoPYThB UfcoM5dnhFtC6CC/IekOeodR X-Received: by 10.28.130.213 with SMTP id e204mr8335264wmd.33.1497286695917; Mon, 12 Jun 2017 09:58:15 -0700 (PDT) Received: from localhost ([109.112.0.253]) by smtp.gmail.com with ESMTPSA id n2sm20925973wrn.30.2017.06.12.09.58.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 12 Jun 2017 09:58:15 -0700 (PDT) From: Salvatore Mesoraca To: linux-kernel@vger.kernel.org Cc: linux-security-module@vger.kernel.org, kernel-hardening@lists.openwall.com, Salvatore Mesoraca , Brad Spengler , PaX Team , Casey Schaufler , Kees Cook , James Morris , "Serge E. Hallyn" Subject: [PATCH 06/11] S.A.R.A. cred blob management Date: Mon, 12 Jun 2017 18:56:55 +0200 Message-Id: <1497286620-15027-7-git-send-email-s.mesoraca16@gmail.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1497286620-15027-1-git-send-email-s.mesoraca16@gmail.com> References: <1497286620-15027-1-git-send-email-s.mesoraca16@gmail.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Creation of the S.A.R.A. cred blob management "API". In order to allow S.A.R.A. to be stackable with other LSMs, it doesn't use the "security" field of struct cred, instead it uses an ad hoc field named security_sara. This solution is probably not acceptable for upstream, so this part will be modified as soon as the LSM stackable cred blob management will be available. Signed-off-by: Salvatore Mesoraca --- include/linux/cred.h | 3 ++ security/sara/Makefile | 2 +- security/sara/include/sara_data.h | 47 +++++++++++++++++++++++ security/sara/main.c | 6 +++ security/sara/sara_data.c | 79 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 security/sara/include/sara_data.h create mode 100644 security/sara/sara_data.c diff --git a/include/linux/cred.h b/include/linux/cred.h index b03e7d0..007feb5 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -141,6 +141,9 @@ struct cred { #ifdef CONFIG_SECURITY void *security; /* subjective LSM security */ #endif +#ifdef CONFIG_SECURITY_SARA + void *security_sara; +#endif struct user_struct *user; /* real user ID subscription */ struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */ struct group_info *group_info; /* supplementary groups for euid/fsgid */ diff --git a/security/sara/Makefile b/security/sara/Makefile index 8acf8a9..0543390 100644 --- a/security/sara/Makefile +++ b/security/sara/Makefile @@ -1,4 +1,4 @@ obj-$(CONFIG_SECURITY_SARA) := sara.o -sara-y := main.o securityfs.o utils.o +sara-y := main.o securityfs.o utils.o sara_data.o sara-$(CONFIG_SECURITY_SARA_USB_FILTERING) += usb_filtering.o diff --git a/security/sara/include/sara_data.h b/security/sara/include/sara_data.h new file mode 100644 index 0000000..7ed04fd --- /dev/null +++ b/security/sara/include/sara_data.h @@ -0,0 +1,47 @@ +/* + * S.A.R.A. Linux Security Module + * + * Copyright (C) 2017 Salvatore Mesoraca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, as + * published by the Free Software Foundation. + * + */ + +#ifndef __SARA_DATA_H +#define __SARA_DATA_H + +#include + +int sara_data_init(void) __init; + +#ifdef CONFIG_SECURITY_SARA_WXPROT + +struct sara_data { + unsigned long relro_page; + u16 wxp_flags; + bool relro_page_found; + bool mmap_blocked; +}; + +#define get_sara_data_leftvalue(X) ((X)->security_sara) +#define get_sara_data(X) ((struct sara_data *) (X)->security_sara) +#define get_current_sara_data() get_sara_data(current_cred()) + +#define get_sara_wxp_flags(X) (get_sara_data((X))->wxp_flags) +#define get_current_sara_wxp_flags() get_sara_wxp_flags(current_cred()) + +#define get_sara_relro_page(X) (get_sara_data((X))->relro_page) +#define get_current_sara_relro_page() get_sara_relro_page(current_cred()) + +#define get_sara_relro_page_found(X) (get_sara_data((X))->relro_page_found) +#define get_current_sara_relro_page_found() \ + get_sara_relro_page_found(current_cred()) + +#define get_sara_mmap_blocked(X) (get_sara_data((X))->mmap_blocked) +#define get_current_sara_mmap_blocked() get_sara_mmap_blocked(current_cred()) + +#endif + +#endif /* __SARA_H */ diff --git a/security/sara/main.c b/security/sara/main.c index 8783c3c..e870c68 100644 --- a/security/sara/main.c +++ b/security/sara/main.c @@ -14,6 +14,7 @@ #include #include "include/sara.h" +#include "include/sara_data.h" #include "include/securityfs.h" #include "include/usb_filtering.h" @@ -81,6 +82,11 @@ void __init sara_init(void) goto error; } + if (sara_data_init()) { + pr_crit("impossible to initialize creds.\n"); + goto error; + } + if (sara_usb_filtering_init()) { pr_crit("impossible to initialize usb filtering.\n"); goto error; diff --git a/security/sara/sara_data.c b/security/sara/sara_data.c new file mode 100644 index 0000000..8f11cd1 --- /dev/null +++ b/security/sara/sara_data.c @@ -0,0 +1,79 @@ +/* + * S.A.R.A. Linux Security Module + * + * Copyright (C) 2017 Salvatore Mesoraca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, as + * published by the Free Software Foundation. + * + */ + +#include "include/sara_data.h" + +#ifdef CONFIG_SECURITY_SARA_WXPROT +#include +#include +#include + +static int sara_cred_alloc_blank(struct cred *cred, gfp_t gfp) +{ + struct sara_data *d; + + d = kzalloc(sizeof(*d), gfp); + if (d == NULL) + return -ENOMEM; + get_sara_data_leftvalue(cred) = d; + return 0; +} + +static void sara_cred_free(struct cred *cred) +{ + struct sara_data *d; + + d = get_sara_data(cred); + if (d != NULL) { + kfree(d); + get_sara_data_leftvalue(cred) = NULL; + } +} + +static int sara_cred_prepare(struct cred *new, const struct cred *old, + gfp_t gfp) +{ + struct sara_data *d; + + d = kmemdup(get_sara_data(old), sizeof(*d), gfp); + if (d == NULL) + return -ENOMEM; + get_sara_data_leftvalue(new) = d; + return 0; +} + +static void sara_cred_transfer(struct cred *new, const struct cred *old) +{ + *get_sara_data(new) = *get_sara_data(old); +} + +static struct security_hook_list data_hooks[] __ro_after_init = { + LSM_HOOK_INIT(cred_alloc_blank, sara_cred_alloc_blank), + LSM_HOOK_INIT(cred_free, sara_cred_free), + LSM_HOOK_INIT(cred_prepare, sara_cred_prepare), + LSM_HOOK_INIT(cred_transfer, sara_cred_transfer), +}; + +int __init sara_data_init(void) +{ + security_add_hooks(data_hooks, ARRAY_SIZE(data_hooks), "sara"); + return sara_cred_alloc_blank((struct cred *) current->real_cred, + GFP_KERNEL); +} + +#else /* CONFIG_SECURITY_SARA_WXPROT */ + +int __init sara_data_init(void) +{ + return 0; +} + +#endif