From patchwork Sun Jun 2 16:50:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10971829 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 512EE17DF for ; Sun, 2 Jun 2019 16:51:44 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3C3F51FF40 for ; Sun, 2 Jun 2019 16:51:44 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 309542873A; Sun, 2 Jun 2019 16:51:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5C2AD1FF40 for ; Sun, 2 Jun 2019 16:51:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726908AbfFBQvn (ORCPT ); Sun, 2 Jun 2019 12:51:43 -0400 Received: from sonic302-8.consmr.mail.bf2.yahoo.com ([74.6.135.47]:44695 "EHLO sonic302-8.consmr.mail.bf2.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726895AbfFBQvm (ORCPT ); Sun, 2 Jun 2019 12:51:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1559494300; bh=ZCT9uElDRTx+ICdatyCuPDJ03LmAmILNxQZ9h703pNY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=EFJ2/pW5zx3z7UHz+G2zDr7PIj+8c3khTV6O5ZR8ActVZWQX55yCnO293OX2j6kQRblMvtTqoprhbBlDhMLODYa91xe7RLMUOvBEbkeSHIby5c0rCWtO2Sd99y8FXRGT9ytOuuHP/q3HRIve2u/fJTAJuPC3Zg5LfwY2T/Ef6Py05b7m6WcavxtrN0yrxmmysL7FL+5RPaGtOZfYEu1/QUh5sz1q6St12EbxcVVLO6jlgWFWcHRQP/vyXZBIGT7n7N8dFQU+FA+LS9uWyIfvS7iGXRYnkaxtJNiEgiUTNZPUbAY1xu4immW5O7gbPw7JkeCSz2+cn/Wo1pDWTdgqHA== X-YMail-OSG: DBu7cNQVM1kS.02FOC4sBkTeeiLj3K1mm6fe_Z3VIxcsqLcV3e2UTEno8upxUHB pOAgykkNcE1bdiyrmz00UjpB.AdZhseI.yfzHZJ4hX_FyT3IHq8n2yinzldtnS4stQ5sMAkRRHac US9J1z7EnJnpT6NT2F_7dwkwQ7rR8H8fSJGllyyzJsOxr5XSTUJ9ORHAyPvpbZwBbTRU1ba44R0S qOjTh5zgptGfEfEvUvcZ99_s0IyS9IybnzXbxd86MCmP0KrqfHZHFxgoFFIY1_0OsiUdH.dgVFUx 7qC5f7XP.9qzQlWHWLIbv9KUOG1KFRtiC249EiiLxHs2srUyvckN0IhC2QPsYawsavgXbEAl2RUF PbmDYuW8kq04Le0WASIGaUvsN_XM0.xs.nsmmCl7LYArbYzorY6OSZdp9HZbZlBQZFETWAawFjgr MDSLLhKX.rlLpPpETYv6yWWw8LyUacVNGHQrskQP4o4rc_o7oXgjL4cnJJifebawRjbjAFBtCngW tHUnX29L95KWvST6aXsi2N.kbyVuL4kTHgo2xwXGmNYCvWma7jCMv5SYZre0c7S3k1NdIzV_N_q_ Q13NAjsZKE0AGXukjHKoo02OnLT.rMXJ7HYNEJZILkgQFCc3jDHAWCqoADj6eySe0Esg7lWENC3r cepoETA.p124x8K6Guu3x7Zwxwyh5cRviy9dTDdNgY96r2iU3vF6O8dIl_ABIhwP0SJcFsyhU9W7 C5PqE5xbI9uA1bw.hF_1pdYn2xfPptqnUMo3JYhG8JsIAtbpTwurOkzYg_wKYSJCUr59ANHBa7cO H2tcGV_NujwZjpNVHYxX6Bo5SdGWdc1YSAXDCm95H.Ryt0IYxIhngyAUGRDPts1Wcqv88sMPjMOA 5izaNisQ3QMSAMO7GEPfOsuKQhCXdO75tSFwLCWwcBrvmLTrz.9SNDSlY_aO7SWK8SyirQBb6Uie JizkhnKwXWiyHGt4Bja5x60bPOONIVDdpZhPJygsXa4Gfb7n9pJPW3LZkmTAp1Q77Hdhrn5cnf5d ZWr5XnSfeDYFRxomV0uKldyBU38_kYJ2uDdBhQsdMepACXfRzLEE_rjoSjTTRZ.yaqbFofLUHhHu cxBxSUC_XHZjzPufsNUmozpym1VekzFBDXmxgGoaVuiKrqGUOc0spO_ILMR_0jzHEhmXz7zefJ4U BcXcNWHDN5u.cUIhJDoU16UEmyy8vIbANHrIeXrLd3fefRrnhNlHnrPEImop0L4Bom2.IWkdP1mk 0tQx_IizHlgySZP9tWseY5QzxM8Ml_2GrlSIZxL9NtRg- Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.bf2.yahoo.com with HTTP; Sun, 2 Jun 2019 16:51:40 +0000 Received: from c-73-223-4-185.hsd1.ca.comcast.net (EHLO localhost.net) ([73.223.4.185]) by smtp413.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID b3a8ad7d79501e3c392fdc3d79d8fa55; Sun, 02 Jun 2019 16:51:38 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov Subject: [PATCH 10/58] LSM: Use lsm_export in the audit_rule_match hooks Date: Sun, 2 Jun 2019 09:50:13 -0700 Message-Id: <20190602165101.25079-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190602165101.25079-1-casey@schaufler-ca.com> References: <20190602165101.25079-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Convert the audit_rule_match hooks to use the lsm_export structure instead of a u32 secid. There is quite a bit of scaffolding involved that will be removed when security_audit_rule_match() is updated. Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 5 +++-- security/apparmor/audit.c | 4 ++-- security/apparmor/include/audit.h | 2 +- security/apparmor/include/secid.h | 2 +- security/apparmor/secid.c | 17 +++++++++++++++-- security/security.c | 7 ++++++- security/selinux/hooks.c | 17 ----------------- security/selinux/include/audit.h | 5 +++-- security/selinux/include/objsec.h | 17 +++++++++++++++++ security/selinux/ss/services.c | 6 +++++- security/smack/smack_lsm.c | 7 +++++-- 11 files changed, 58 insertions(+), 31 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index bcc628cffe6a..01296e4ce474 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1354,7 +1354,7 @@ * @audit_rule_match: * Determine if given @secid matches a rule previously approved * by @audit_rule_known. - * @secid contains the security id in question. + * @l points to the security data in question. * @field contains the field which relates to current LSM. * @op contains the operator that will be used for matching. * @lrule points to the audit rule that will be checked against. @@ -1778,7 +1778,8 @@ union security_list_options { int (*audit_rule_init)(u32 field, u32 op, char *rulestr, void **lsmrule); int (*audit_rule_known)(struct audit_krule *krule); - int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule); + int (*audit_rule_match)(struct lsm_export *l, u32 field, u32 op, + void *lsmrule); void (*audit_rule_free)(void *lsmrule); #endif /* CONFIG_AUDIT */ diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index 5a8b9cded4f2..bea59bfad332 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -225,13 +225,13 @@ int aa_audit_rule_known(struct audit_krule *rule) return 0; } -int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule) +int aa_audit_rule_match(struct lsm_export *l, u32 field, u32 op, void *vrule) { struct aa_audit_rule *rule = vrule; struct aa_label *label; int found = 0; - label = aa_secid_to_label(sid); + label = aa_secid_to_label(l); if (!label) return -ENOENT; diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index ee559bc2acb8..372ba4fada9c 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -192,6 +192,6 @@ static inline int complain_error(int error) void aa_audit_rule_free(void *vrule); int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule); int aa_audit_rule_known(struct audit_krule *rule); -int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule); +int aa_audit_rule_match(struct lsm_export *l, u32 field, u32 op, void *vrule); #endif /* __AA_AUDIT_H */ diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h index fa2062711b63..c283c620efe3 100644 --- a/security/apparmor/include/secid.h +++ b/security/apparmor/include/secid.h @@ -25,7 +25,7 @@ struct aa_label; /* secid value that matches any other secid */ #define AA_SECID_WILDCARD 1 -struct aa_label *aa_secid_to_label(u32 secid); +struct aa_label *aa_secid_to_label(struct lsm_export *l); int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); void apparmor_release_secctx(char *secdata, u32 seclen); diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c index 05373d9a3d6a..1546c45a2a18 100644 --- a/security/apparmor/secid.c +++ b/security/apparmor/secid.c @@ -61,9 +61,12 @@ void aa_secid_update(u32 secid, struct aa_label *label) * * see label for inverse aa_label_to_secid */ -struct aa_label *aa_secid_to_label(u32 secid) +struct aa_label *aa_secid_to_label(struct lsm_export *l) { struct aa_label *label; + u32 secid; + + secid = (l->flags & LSM_EXPORT_APPARMOR) ? l->apparmor : 0; rcu_read_lock(); label = idr_find(&aa_secids, secid); @@ -72,12 +75,22 @@ struct aa_label *aa_secid_to_label(u32 secid) return label; } +static inline void aa_import_secid(struct lsm_export *l, u32 secid) +{ + l->flags = LSM_EXPORT_APPARMOR; + l->apparmor = secid; +} + int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) { /* TODO: cache secctx and ref count so we don't have to recreate */ - struct aa_label *label = aa_secid_to_label(secid); + struct lsm_export data; + struct aa_label *label; int len; + aa_import_secid(&data, secid); + label = aa_secid_to_label(&data); + AA_BUG(!seclen); if (!label) diff --git a/security/security.c b/security/security.c index 2f1355d10e0d..60dd064c0531 100644 --- a/security/security.c +++ b/security/security.c @@ -2477,7 +2477,12 @@ void security_audit_rule_free(void *lsmrule) int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + int rc; + struct lsm_export data = { .flags = LSM_EXPORT_NONE }; + + rc = call_int_hook(audit_rule_match, 0, &data, field, op, lsmrule); + lsm_export_secid(&data, &secid); + return rc; } #endif /* CONFIG_AUDIT */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9db12f6b1221..bfd0f1f5979f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -213,23 +213,6 @@ static void cred_init_security(void) tsec->osid = tsec->sid = SECINITSID_KERNEL; } -/* - * Set the SELinux secid in an lsm_export structure - */ -static inline void selinux_export_secid(struct lsm_export *l, u32 secid) -{ - l->selinux = secid; - l->flags |= LSM_EXPORT_SELINUX; -} - -static inline void selinux_import_secid(struct lsm_export *l, u32 *secid) -{ - if (l->flags & LSM_EXPORT_SELINUX) - *secid = l->selinux; - else - *secid = SECSID_NULL; -} - /* * get the security ID of a set of credentials */ diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h index 682e2b5de2a4..92dd5ab15fb2 100644 --- a/security/selinux/include/audit.h +++ b/security/selinux/include/audit.h @@ -39,7 +39,7 @@ void selinux_audit_rule_free(void *rule); /** * selinux_audit_rule_match - determine if a context ID matches a rule. - * @sid: the context ID to check + * @l: points to the context ID to check * @field: the field this rule refers to * @op: the operater the rule uses * @rule: pointer to the audit rule to check against @@ -47,7 +47,8 @@ void selinux_audit_rule_free(void *rule); * Returns 1 if the context id matches the rule, 0 if it does not, and * -errno on failure. */ -int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule); +int selinux_audit_rule_match(struct lsm_export *l, u32 field, u32 op, + void *rule); /** * selinux_audit_rule_known - check to see if rule contains selinux fields. diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 3b78aa4ee98f..59a3b1cd5ba9 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -50,6 +50,23 @@ static inline u32 current_sid(void) return tsec->sid; } +/* + * Set the SELinux secid in an lsm_export structure + */ +static inline void selinux_export_secid(struct lsm_export *l, u32 secid) +{ + l->selinux = secid; + l->flags |= LSM_EXPORT_SELINUX; +} + +static inline void selinux_import_secid(struct lsm_export *l, u32 *secid) +{ + if (l->flags & LSM_EXPORT_SELINUX) + *secid = l->selinux; + else + *secid = SECSID_NULL; +} + enum label_initialized { LABEL_INVALID, /* invalid or not initialized */ LABEL_INITIALIZED, /* initialized */ diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index e3f5d6aece66..626b877363fb 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3395,13 +3395,15 @@ int selinux_audit_rule_known(struct audit_krule *rule) return 0; } -int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule) +int selinux_audit_rule_match(struct lsm_export *l, u32 field, u32 op, + void *vrule) { struct selinux_state *state = &selinux_state; struct context *ctxt; struct mls_level *level; struct selinux_audit_rule *rule = vrule; int match = 0; + u32 sid; if (unlikely(!rule)) { WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n"); @@ -3415,6 +3417,8 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule) goto out; } + selinux_import_secid(l, &sid); + ctxt = sidtab_search(state->ss->sidtab, sid); if (unlikely(!ctxt)) { WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n", diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3e3724bbd6ea..a3776501965d 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4369,7 +4369,7 @@ static int smack_audit_rule_known(struct audit_krule *krule) /** * smack_audit_rule_match - Audit given object ? - * @secid: security id for identifying the object to test + * @l: security id for identifying the object to test * @field: audit rule flags given from user-space * @op: required testing operator * @vrule: smack internal rule presentation @@ -4377,10 +4377,12 @@ static int smack_audit_rule_known(struct audit_krule *krule) * The core Audit hook. It's used to take the decision of * whether to audit or not to audit a given object. */ -static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) +static int smack_audit_rule_match(struct lsm_export *l, u32 field, u32 op, + void *vrule) { struct smack_known *skp; char *rule = vrule; + u32 secid; if (unlikely(!rule)) { WARN_ONCE(1, "Smack: missing rule\n"); @@ -4390,6 +4392,7 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule) if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) return 0; + smack_import_secid(l, &secid); skp = smack_from_secid(secid); /*