Message ID | 20190109091028.24485-3-omosnace@redhat.com (mailing list archive) |
State | New, archived |
Series | Allow initializing the kernfs node's secctx based on its parent | expand |
On 1/9/19 4:10 AM, Ondrej Mosnacek wrote: > The hook applies the same logic as selinux_determine_inode_label(), with > the exception of the super_block handling, which will be enforced on the > actual inodes by other hooks. > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> > --- > security/selinux/hooks.c | 41 ++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 41 insertions(+) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 7ce012d9ec51..29c038513504 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -3526,6 +3526,45 @@ static int selinux_inode_copy_up_xattr(const char *name) > return -EOPNOTSUPP; > } > > +/* file-like object operations */ > + > +/* Used e.g. for kernfs_node for newly created nodes */ > +static int selinux_object_init_security(void *parent_ctx, u32 parent_ctxlen, > + const struct qstr *qstr, u16 mode, > + void **ctx, u32 *ctxlen) > +{ > + const struct task_security_struct *tsec = current_security(); > + u32 parent_sid, newsid, clen; > + int rc; > + char *context; > + > + rc = security_context_to_sid(&selinux_state, parent_ctx, parent_ctxlen, > + &parent_sid, GFP_KERNEL); > + if (rc) > + return rc; > + > + if (tsec->create_sid) { > + newsid = tsec->create_sid; > + } else { > + u16 secclass = inode_mode_to_security_class(mode); > + > + rc = security_transition_sid(&selinux_state, tsec->sid, > + parent_sid, secclass, qstr, > + &newsid); > + if (rc) > + return rc; > + } > + > + rc = security_sid_to_context_force(&selinux_state, newsid, > + &context, &clen); > + if (rc) > + return rc; > + > + *ctx = context; > + *ctxlen = clen; > + return 0; > +} > + > /* file security operations */ > > static int selinux_revalidate_file_permission(struct file *file, int mask) 
> @@ -6965,6 +7004,8 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { > LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up), > LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr), > > + LSM_HOOK_INIT(object_init_security, selinux_object_init_security), > + > LSM_HOOK_INIT(file_permission, selinux_file_permission), > LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), > LSM_HOOK_INIT(file_free_security, selinux_file_free_security), >
On Wed, Jan 9, 2019 at 9:38 AM Stephen Smalley <sds@tycho.nsa.gov> wrote: > On 1/9/19 4:10 AM, Ondrej Mosnacek wrote: > > The hook applies the same logic as selinux_determine_inode_label(), with > > the exception of the super_block handling, which will be enforced on the > > actual inodes by other hooks. > > > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > > Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> Looks good to me too. > > --- > > security/selinux/hooks.c | 41 ++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 41 insertions(+) > > > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > > index 7ce012d9ec51..29c038513504 100644 > > --- a/security/selinux/hooks.c > > +++ b/security/selinux/hooks.c 
> > @@ -3526,6 +3526,45 @@ static int selinux_inode_copy_up_xattr(const char *name) > > return -EOPNOTSUPP; > > } > > > > +/* file-like object operations */ > > + > > +/* Used e.g. for kernfs_node for newly created nodes */ > > +static int selinux_object_init_security(void *parent_ctx, u32 parent_ctxlen, > > + const struct qstr *qstr, u16 mode, > > + void **ctx, u32 *ctxlen) > > +{ > > + const struct task_security_struct *tsec = current_security(); > > + u32 parent_sid, newsid, clen; > > + int rc; > > + char *context; > > + > > + rc = security_context_to_sid(&selinux_state, parent_ctx, parent_ctxlen, > > + &parent_sid, GFP_KERNEL); > > + if (rc) > > + return rc; > > + > > + if (tsec->create_sid) { > > + newsid = tsec->create_sid; > > + } else { > > + u16 secclass = inode_mode_to_security_class(mode); > > + > > + rc = security_transition_sid(&selinux_state, tsec->sid, > > + parent_sid, secclass, qstr, > > + &newsid); > > + if (rc) > > + return rc; > > + } > > + > > + rc = security_sid_to_context_force(&selinux_state, newsid, > > + &context, &clen); > > + if (rc) > > + return rc; > > + > > + *ctx = context; > > + *ctxlen = clen; > > + return 0; > > +} > > + > > /* file security operations */ > > > > static int selinux_revalidate_file_permission(struct file *file, int mask) > > @@ -6965,6 +7004,8 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { > > LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up), > > LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr), > > > > + LSM_HOOK_INIT(object_init_security, selinux_object_init_security), > > + > > LSM_HOOK_INIT(file_permission, selinux_file_permission), > > LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), > > LSM_HOOK_INIT(file_free_security, selinux_file_free_security), > > >
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7ce012d9ec51..29c038513504 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3526,6 +3526,45 @@ static int selinux_inode_copy_up_xattr(const char *name)
 return -EOPNOTSUPP;
 }
 
+/* file-like object operations */
+
+/* Used e.g. for kernfs_node for newly created nodes */
+static int selinux_object_init_security(void *parent_ctx, u32 parent_ctxlen,
+ const struct qstr *qstr, u16 mode,
+ void **ctx, u32 *ctxlen)
+{
+ const struct task_security_struct *tsec = current_security();
+ u32 parent_sid, newsid, clen;
+ int rc;
+ char *context;
+
+ rc = security_context_to_sid(&selinux_state, parent_ctx, parent_ctxlen,
+ &parent_sid, GFP_KERNEL);
+ if (rc)
+ return rc;
+
+ if (tsec->create_sid) {
+ newsid = tsec->create_sid;
+ } else {
+ u16 secclass = inode_mode_to_security_class(mode);
+
+ rc = security_transition_sid(&selinux_state, tsec->sid,
+ parent_sid, secclass, qstr,
+ &newsid);
+ if (rc)
+ return rc;
+ }
+
+ rc = security_sid_to_context_force(&selinux_state, newsid,
+ &context, &clen);
+ if (rc)
+ return rc;
+
+ *ctx = context;
+ *ctxlen = clen;
+ return 0;
+}
+
 /* file security operations */
 
 static int selinux_revalidate_file_permission(struct file *file, int mask)
@@ -6965,6 +7004,8 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
 LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up),
 LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr),
 
+ LSM_HOOK_INIT(object_init_security, selinux_object_init_security),
+
 LSM_HOOK_INIT(file_permission, selinux_file_permission),
 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
 LSM_HOOK_INIT(file_free_security, selinux_file_free_security),
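Review bot: The new selinux_object_init_security() hands a heap buffer back to the caller without documenting who releases it: `*ctx = context;` returns the string that security_sid_to_context_force() allocated, and nothing in the hook or its two-word header comment says the caller owns it (presumably it is released through kfree() or security_release_secctx(), as for other SELinux contexts — confirm against the kernfs caller in the next patch). Since this is the LSM-facing contract, the comment above the function should spell it out, e.g. `/* Used e.g. for kernfs_node for newly created nodes. On success *ctx is an allocated context string of *ctxlen bytes and ownership passes to the caller, which must free it. */`. It is also worth noting in that comment that the parent context is resolved with the non-forcing security_context_to_sid(), so a parent label that is invalid under the current policy makes the hook fail rather than fall back to a default label; that is consistent with selinux_determine_inode_label() but callers should expect an error here. The second hunk only registers the hook and needs nothing further.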
The hook applies the same logic as selinux_determine_inode_label(), with the exception of the super_block handling, which will be enforced on the actual inodes by other hooks. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- security/selinux/hooks.c | 41 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+)