From patchwork Sat Aug 13 20:35:43 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 9279315
Subject: [PATCH 05/25] SELinux: Abstract the cred security blob
To: LSM, James Morris
References: <801ef9a9-e594-387c-f285-8d90879ee2bf@schaufler-ca.com>
Cc: John Johansen, Tetsuo Handa, Paul Moore, Stephen Smalley
From: Casey Schaufler Message-ID: <86a22937-8cca-d876-831b-d95e14d1dd3b@schaufler-ca.com> Date: Sat, 13 Aug 2016 13:35:43 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <801ef9a9-e594-387c-f285-8d90879ee2bf@schaufler-ca.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Subject: [PATCH 05/25] SELinux: Abstract the cred security blob Abstract reading the credential security blob. Remove abstraction when writing the credential security blob. There is no change in the behavior of the code. Signed-off-by: Casey Schaufler --- security/selinux/hooks.c | 63 ++++++++++++++++++++------------------- security/selinux/include/objsec.h | 9 ++++++ security/selinux/selinuxfs.c | 3 +- security/selinux/xfrm.c | 4 +-- 4 files changed, 46 insertions(+), 33 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 666eaa5..793c9a2 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -177,13 +177,16 @@ static void cred_init_security(void) { struct cred *cred = (struct cred *) current->real_cred; struct task_security_struct *tsec; + void *b; + int size; - tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); - if (!tsec) + size = sizeof(struct task_security_struct); + b = kzalloc(size, GFP_KERNEL); + if (!b) panic("SELinux: Failed to initialize initial task.\n"); - + cred->security = b; + tsec = selinux_cred(cred); tsec->osid = tsec->sid = SECINITSID_KERNEL; - cred->security = tsec; } /* @@ -193,7 +196,7 @@ static inline u32 cred_sid(const struct cred *cred) { const struct task_security_struct *tsec; - tsec = cred->security; + tsec = selinux_cred(cred); return tsec->sid; } 
@@ -215,7 +218,7 @@ static inline u32 task_sid(const struct task_struct *task) */ static inline u32 current_sid(void) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); return tsec->sid; } @@ -450,7 +453,7 @@ static int may_context_mount_sb_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, @@ -467,7 +470,7 @@ static int may_context_mount_inode_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, NULL); @@ -1627,8 +1630,8 @@ static int task_has_perm(const struct task_struct *tsk1, u32 sid1, sid2; rcu_read_lock(); - __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; - __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; + __tsec1 = selinux_cred(__task_cred(tsk1)); sid1 = __tsec1->sid; + __tsec2 = selinux_cred(__task_cred(tsk2)); sid2 = __tsec2->sid; rcu_read_unlock(); return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL); } @@ -1814,7 +1817,7 @@ static int selinux_determine_inode_label(struct inode *dir, u32 *_new_isid) { const struct superblock_security_struct *sbsec = dir->i_sb->s_security; - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); if ((sbsec->flags & SE_SBINITIALIZED) && (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) { 
@@ -1836,7 +1839,7 @@ static int may_create(struct inode *dir, struct dentry *dentry, u16 tclass) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *dsec; struct superblock_security_struct *sbsec; u32 sid, newsid; @@ -2326,8 +2329,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) if (bprm->cred_prepared) return 0; - old_tsec = current_security(); - new_tsec = bprm->cred->security; + old_tsec = selinux_cred(current_cred()); + new_tsec = selinux_cred(bprm->cred); isec = inode_security(inode); /* Default to the current task SID. */ @@ -2417,7 +2420,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) static int selinux_bprm_secureexec(struct linux_binprm *bprm) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); u32 sid, osid; int atsecure = 0; @@ -2499,7 +2502,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) struct rlimit *rlim, *initrlim; int rc, i; - new_tsec = bprm->cred->security; + new_tsec = selinux_cred(bprm->cred); if (new_tsec->sid == new_tsec->osid) return; @@ -2540,7 +2543,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) */ static void selinux_bprm_committed_creds(struct linux_binprm *bprm) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct itimerval itimer; u32 osid, sid; int rc, i; @@ -2852,7 +2855,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, const char **name, void **value, size_t *len) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct superblock_security_struct *sbsec; u32 sid, newsid, clen; int rc; 
@@ -3662,7 +3665,7 @@ static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) */ static void selinux_cred_free(struct cred *cred) { - struct task_security_struct *tsec = cred->security; + struct task_security_struct *tsec = selinux_cred(cred); /* * cred->security == NULL if security_cred_alloc_blank() or @@ -3682,7 +3685,7 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, const struct task_security_struct *old_tsec; struct task_security_struct *tsec; - old_tsec = old->security; + old_tsec = selinux_cred(old); tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); if (!tsec) @@ -3697,8 +3700,8 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, */ static void selinux_cred_transfer(struct cred *new, const struct cred *old) { - const struct task_security_struct *old_tsec = old->security; - struct task_security_struct *tsec = new->security; + const struct task_security_struct *old_tsec = selinux_cred(old); + struct task_security_struct *tsec = selinux_cred(new); *tsec = *old_tsec; } @@ -3709,7 +3712,7 @@ static void selinux_cred_transfer(struct cred *new, const struct cred *old) */ static int selinux_kernel_act_as(struct cred *new, u32 secid) { - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; @@ -3733,7 +3736,7 @@ static int selinux_kernel_act_as(struct cred *new, u32 secid) static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) { struct inode_security_struct *isec = inode_security(inode); - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; 
@@ -4199,7 +4202,7 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms) static int selinux_socket_create(int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); u32 newsid; u16 secclass; int rc; @@ -4218,7 +4221,7 @@ static int selinux_socket_create(int family, int type, static int selinux_socket_post_create(struct socket *sock, int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); struct sk_security_struct *sksec; int err = 0; @@ -4826,7 +4829,7 @@ static int selinux_secmark_relabel_packet(u32 sid) const struct task_security_struct *__tsec; u32 tsid; - __tsec = current_security(); + __tsec = selinux_cred(current_cred()); tsid = __tsec->sid; return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL); @@ -5739,7 +5742,7 @@ static int selinux_getprocattr(struct task_struct *p, } rcu_read_lock(); - __tsec = __task_cred(p)->security; + __tsec = selinux_cred(__task_cred(p)); if (!strcmp(name, "current")) sid = __tsec->sid; @@ -5863,7 +5866,7 @@ static int selinux_setprocattr(struct task_struct *p, operation. See selinux_bprm_set_creds for the execve checks and may_create for the file creation checks. The operation will then fail if the context is not permitted. */ - tsec = new->security; + tsec = selinux_cred(new); if (!strcmp(name, "exec")) { tsec->exec_sid = sid; } else if (!strcmp(name, "fscreate")) { @@ -5985,7 +5988,7 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred, if (!ksec) return -ENOMEM; - tsec = cred->security; + tsec = selinux_cred(cred); if (tsec->keycreate_sid) ksec->sid = tsec->keycreate_sid; else 
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index c21e135..8556776 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -24,6 +24,9 @@ #include #include #include +#include +#include +#include #include #include "flask.h" #include "avc.h" @@ -129,5 +132,11 @@ struct key_security_struct { }; extern unsigned int selinux_checkreqprot; +extern struct lsm_blob_sizes selinux_blob_sizes; + +static inline struct task_security_struct *selinux_cred(const struct cred *cred) +{ + return cred->security; +} #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 0765c5b..2519e26 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -30,6 +30,7 @@ #include #include #include +#include /* selinuxfs pseudo filesystem for exporting the security policy API. Based on the proc code and the fs/nfsd/nfsctl.c code. */ @@ -85,7 +86,7 @@ static int task_has_security(struct task_struct *tsk, u32 sid = 0; rcu_read_lock(); - tsec = __task_cred(tsk)->security; + tsec = selinux_cred(__task_cred(tsk)); if (tsec) sid = tsec->sid; rcu_read_unlock(); diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 56e354f..789d07b 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -79,7 +79,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp, gfp_t gfp) { int rc; - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct xfrm_sec_ctx *ctx = NULL; u32 str_len; @@ -136,7 +136,7 @@ static void selinux_xfrm_free(struct xfrm_sec_ctx *ctx) */ static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); if (!ctx) return 0;
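Review bot: in the cred_init_security() hunk of security/selinux/hooks.c, the new local `int size` holds a sizeof result, which is a size_t; declare it as size_t or pass sizeof(struct task_security_struct) directly to kzalloc(). Within this patch neither `size` nor `b` is used more than once, so if later patches in the series need them, say so in the commit message; otherwise assign the kzalloc() result to cred->security and test that. Note also that cred->security is now set before the panic-free path has initialised tsec->osid and tsec->sid, which is harmless here only because this runs on the initial task before anything else can read the blob; a one-line comment to that effect would help.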
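Review bot: the current_sid() hunk in security/selinux/hooks.c and the hunks that follow it (selinux_determine_inode_label(), may_create(), the selinux_bprm_* hooks, selinux_socket_create(), selinux_secmark_relabel_packet(), and both functions in xfrm.c) all replace current_security() with the same expression, `selinux_cred(current_cred())`. A small static inline wrapper in objsec.h next to selinux_cred() would keep these call sites short and give a single place to change if the way the current task's blob is reached changes again.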
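Review bot: selinux_cred_free() in hooks.c and task_has_security() in selinuxfs.c both depend on selinux_cred() returning NULL when no blob is attached (the retained comment reads "cred->security == NULL if security_cred_alloc_blank() or ..." and selinuxfs.c keeps `if (tsec)`), but the accessor added in objsec.h does not document that contract. Add a comment on selinux_cred() stating that it may return NULL and that these two callers test for it, so the checks are not lost sight of if the accessor stops being a plain read of cred->security.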
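Review bot: selinux_cred() in security/selinux/include/objsec.h takes `const struct cred *` but returns a non-const `struct task_security_struct *`, so any caller holding a const cred can obtain a writable pointer to the blob without a cast. Most converted call sites assign the result to a `const struct task_security_struct *`, which hides this; consider documenting that the returned blob must only be modified on creds the caller is allowed to change (as in selinux_cred_transfer() and selinux_kernel_act_as(), which pass a non-const `new`). The same hunk also adds `extern struct lsm_blob_sizes selinux_blob_sizes;` with no definition or user anywhere in this patch; move that declaration to the patch that defines the variable so this one stays limited to what the commit message describes.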