[v36,04/33] LSM: provide lsm name and id slot mappings

Message ID	20220609230146.319210-5-casey@schaufler-ca.com (mailing list archive)
State	Superseded
Delegated to:	Paul Moore
Headers	show Return-Path: <linux-security-module-owner@kernel.org> From: Casey Schaufler <casey@schaufler-ca.com> To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Subject: [PATCH v36 04/33] LSM: provide lsm name and id slot mappings Date: Thu, 9 Jun 2022 16:01:17 -0700 Message-Id: <20220609230146.319210-5-casey@schaufler-ca.com> In-Reply-To: <20220609230146.319210-1-casey@schaufler-ca.com> References: <20220609230146.319210-1-casey@schaufler-ca.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	LSM: Module stacking for AppArmor \| expand [v36,00/33] LSM: Module stacking for AppArmor [v36,01/33] integrity: disassociate ima_filter_rule from security_audit_rule [v36,02/33] LSM: Infrastructure management of the sock security [v36,03/33] LSM: Add the lsmblob data structure. [v36,04/33] LSM: provide lsm name and id slot mappings [v36,05/33] IMA: avoid label collisions with stacked LSMs [v36,06/33] LSM: Use lsmblob in security_audit_rule_match [v36,07/33] LSM: Use lsmblob in security_kernel_act_as [v36,08/33] LSM: Use lsmblob in security_secctx_to_secid [v36,09/33] LSM: Use lsmblob in security_secid_to_secctx [v36,10/33] LSM: Use lsmblob in security_ipc_getsecid [v36,11/33] LSM: Use lsmblob in security_current_getsecid [v36,12/33] LSM: Use lsmblob in security_inode_getsecid [v36,13/33] LSM: Use lsmblob in security_cred_getsecid [v36,14/33] LSM: Specify which LSM to display [v36,15/33] LSM: Ensure the correct LSM context releaser [v36,16/33] LSM: Use lsmcontext in security_secid_to_secctx [v36,17/33] LSM: Use lsmcontext in security_inode_getsecctx [v36,18/33] LSM: Use lsmcontext in security_dentry_init_security [v36,19/33] LSM: security_secid_to_secctx in netlink netfilter [v36,20/33] NET: Store LSM netlabel data in a lsmblob [v36,21/33] binder: Pass LSM identifier for confirmation [v36,22/33] LSM: Extend security_secid_to_secctx to include module selection [v36,23/33] Audit: Keep multiple LSM data in audit_names [v36,24/33] Audit: Create audit_stamp structure [v36,25/33] LSM: Add a function to report multiple LSMs [v36,26/33] Audit: Allow multiple records in an audit_buffer [v36,27/33] Audit: Add record for multiple task security contexts [v36,28/33] audit: multiple subject lsm values for netlabel [v36,29/33] Audit: Add record for multiple object contexts [v36,30/33] netlabel: Use a struct lsmblob in audit data [v36,31/33] LSM: Removed scaffolding function lsmcontext_init [v36,32/33] LSM: Add /proc attr entry for full LSM context [v36,33/33] AppArmor: Remove the exclusive flag

Message ID

20220609230146.319210-5-casey@schaufler-ca.com (mailing list archive)

State

Superseded

Delegated to:

Paul Moore

Headers

From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
        linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
        stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org
Subject: [PATCH v36 04/33] LSM: provide lsm name and id slot mappings
Date: Thu,  9 Jun 2022 16:01:17 -0700
Message-Id: <20220609230146.319210-5-casey@schaufler-ca.com>
In-Reply-To: <20220609230146.319210-1-casey@schaufler-ca.com>
References: <20220609230146.319210-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

LSM: Module stacking for AppArmor | expand

Commit Message

Casey Schaufler June 9, 2022, 11:01 p.m. UTC

Provide interfaces to map LSM slot numbers and LSM names.
Update the LSM registration code to save this information.

Acked-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/security.h |  4 ++++
 security/security.c      | 45 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)

Comments

kernel test robot June 10, 2022, 7:51 a.m. UTC | #1

Hi Casey,

I love your patch! Perhaps something to improve:

[auto build test WARNING on pcmoore-audit/next]
[also build test WARNING on pcmoore-selinux/next linus/master v5.19-rc1 next-20220610]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220610-080129
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
config: sparc-randconfig-r014-20220609 (https://download.01.org/0day-ci/archive/20220610/202206101543.IWAKe4Qx-lkp@intel.com/config)
compiler: sparc-linux-gcc (GCC) 11.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/767517968014af3744e00ba2c0c956b290a56ecb
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220610-080129
        git checkout 767517968014af3744e00ba2c0c956b290a56ecb
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.3.0 make.cross W=1 O=build_dir ARCH=sparc SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

   security/security.c: In function 'lsm_name_to_slot':
>> security/security.c:496:40: warning: array subscript i is outside array bounds of 'struct lsm_id *[0]' [-Warray-bounds]
     496 |                 if (strcmp(lsm_slotlist[i]->lsm, name) == 0)
         |                            ~~~~~~~~~~~~^~~
   security/security.c:481:23: note: while referencing 'lsm_slotlist'
     481 | static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init;
         |                       ^~~~~~~~~~~~
   security/security.c: In function 'lsm_slot_to_name':
>> security/security.c:521:25: warning: array subscript 0 is outside array bounds of 'struct lsm_id *[0]' [-Warray-bounds]
     521 |         if (lsm_slotlist[slot] == NULL)
         |             ~~~~~~~~~~~~^~~~~~
   security/security.c:481:23: note: while referencing 'lsm_slotlist'
     481 | static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init;
         |                       ^~~~~~~~~~~~
   security/security.c: In function 'security_add_hooks':
>> security/security.c:546:29: warning: array subscript <unknown> is outside array bounds of 'struct lsm_id *[0]' [-Warray-bounds]
     546 |                 lsm_slotlist[lsm_slot] = lsmid;
         |                 ~~~~~~~~~~~~^~~~~~~~~~
   security/security.c:481:23: note: while referencing 'lsm_slotlist'
     481 | static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init;
         |                       ^~~~~~~~~~~~


vim +496 security/security.c

   482	
   483	/**
   484	 * lsm_name_to_slot - Report the slot number for a security module
   485	 * @name: name of the security module
   486	 *
   487	 * Look up the slot number for the named security module.
   488	 * Returns the slot number or LSMBLOB_INVALID if @name is not
   489	 * a registered security module name.
   490	 */
   491	int lsm_name_to_slot(char *name)
   492	{
   493		int i;
   494	
   495		for (i = 0; i < lsm_slot; i++)
 > 496			if (strcmp(lsm_slotlist[i]->lsm, name) == 0)
   497				return i;
   498	
   499		return LSMBLOB_INVALID;
   500	}
   501	
   502	/**
   503	 * lsm_slot_to_name - Get the name of the security module in a slot
   504	 * @slot: index into the interface LSM slot list.
   505	 *
   506	 * Provide the name of the security module associated with
   507	 * a interface LSM slot.
   508	 *
   509	 * If @slot is LSMBLOB_INVALID return the value
   510	 * for slot 0 if it has been set, otherwise NULL.
   511	 *
   512	 * Returns a pointer to the name string or NULL.
   513	 */
   514	const char *lsm_slot_to_name(int slot)
   515	{
   516		if (slot == LSMBLOB_INVALID)
   517			slot = 0;
   518		else if (slot >= LSMBLOB_ENTRIES || slot < 0)
   519			return NULL;
   520	
 > 521		if (lsm_slotlist[slot] == NULL)
   522			return NULL;
   523		return lsm_slotlist[slot]->lsm;
   524	}
   525	
   526	/**
   527	 * security_add_hooks - Add a modules hooks to the hook lists.
   528	 * @hooks: the hooks to add
   529	 * @count: the number of hooks to add
   530	 * @lsmid: the identification information for the security module
   531	 *
   532	 * Each LSM has to register its hooks with the infrastructure.
   533	 * If the LSM is using hooks that export secids allocate a slot
   534	 * for it in the lsmblob.
   535	 */
   536	void __init security_add_hooks(struct security_hook_list *hooks, int count,
   537				       struct lsm_id *lsmid)
   538	{
   539		int i;
   540	
   541		WARN_ON(!lsmid->slot || !lsmid->lsm);
   542	
   543		if (lsmid->slot == LSMBLOB_NEEDED) {
   544			if (lsm_slot >= LSMBLOB_ENTRIES)
   545				panic("%s Too many LSMs registered.\n", __func__);
 > 546			lsm_slotlist[lsm_slot] = lsmid;
   547			lsmid->slot = lsm_slot++;
   548			init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm,
   549				   lsmid->slot);
   550		}
   551	
   552		for (i = 0; i < count; i++) {
   553			hooks[i].lsmid = lsmid;
   554			hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);
   555		}
   556	
   557		/*
   558		 * Don't try to append during early_security_init(), we'll come back
   559		 * and fix this up afterwards.
   560		 */
   561		if (slab_is_available()) {
   562			if (lsm_append(lsmid->lsm, &lsm_names) < 0)
   563				panic("%s - Cannot get early memory.\n", __func__);
   564		}
   565	}
   566

diff --git a/include/linux/security.h b/include/linux/security.h
index 835fbb86a2bc..5b7a21237fea 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -197,6 +197,10 @@  static inline bool lsmblob_equal(const struct lsmblob *bloba,
 	return !memcmp(bloba, blobb, sizeof(*bloba));
 }
 
+/* Map lsm names to blob slot numbers */
+extern int lsm_name_to_slot(char *name);
+extern const char *lsm_slot_to_name(int slot);
+
 /* These functions are in security/commoncap.c */
 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
 		       int cap, unsigned int opts);
diff --git a/security/security.c b/security/security.c
index 8fdf046fc749..37c14572501e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -478,6 +478,50 @@  static int lsm_append(const char *new, char **result)
  * Current index to use while initializing the lsmblob secid list.
  */
 static int lsm_slot __lsm_ro_after_init;
+static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init;
+
+/**
+ * lsm_name_to_slot - Report the slot number for a security module
+ * @name: name of the security module
+ *
+ * Look up the slot number for the named security module.
+ * Returns the slot number or LSMBLOB_INVALID if @name is not
+ * a registered security module name.
+ */
+int lsm_name_to_slot(char *name)
+{
+	int i;
+
+	for (i = 0; i < lsm_slot; i++)
+		if (strcmp(lsm_slotlist[i]->lsm, name) == 0)
+			return i;
+
+	return LSMBLOB_INVALID;
+}
+
+/**
+ * lsm_slot_to_name - Get the name of the security module in a slot
+ * @slot: index into the interface LSM slot list.
+ *
+ * Provide the name of the security module associated with
+ * a interface LSM slot.
+ *
+ * If @slot is LSMBLOB_INVALID return the value
+ * for slot 0 if it has been set, otherwise NULL.
+ *
+ * Returns a pointer to the name string or NULL.
+ */
+const char *lsm_slot_to_name(int slot)
+{
+	if (slot == LSMBLOB_INVALID)
+		slot = 0;
+	else if (slot >= LSMBLOB_ENTRIES || slot < 0)
+		return NULL;
+
+	if (lsm_slotlist[slot] == NULL)
+		return NULL;
+	return lsm_slotlist[slot]->lsm;
+}
 
 /**
  * security_add_hooks - Add a modules hooks to the hook lists.
@@ -499,6 +543,7 @@  void __init security_add_hooks(struct security_hook_list *hooks, int count,
 	if (lsmid->slot == LSMBLOB_NEEDED) {
 		if (lsm_slot >= LSMBLOB_ENTRIES)
 			panic("%s Too many LSMs registered.\n", __func__);
+		lsm_slotlist[lsm_slot] = lsmid;
 		lsmid->slot = lsm_slot++;
 		init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm,
 			   lsmid->slot);

[v36,04/33] LSM: provide lsm name and id slot mappings

Commit Message

Comments

Patch