From patchwork Wed Aug 7 22:42:30 2019
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11082821
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 01/16] LSM: Single hook called in secmark refcounting
Date: Wed, 7 Aug 2019 15:42:30 -0700
Message-Id: <20190807224245.10798-3-casey@schaufler-ca.com>
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>
References: <20190807224245.10798-1-casey@schaufler-ca.com>

Restrict the secmark_refcount_dec and secmark_refcount_inc interfaces
to a single module. The secmark is too small to share, and this allows
the modules a way to detect if the secmark is theirs to use.

Signed-off-by: Casey Schaufler
---
 security/security.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/security/security.c b/security/security.c
index e9f579483d12..0467f194d87d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2564,13 +2564,25 @@ EXPORT_SYMBOL(security_secmark_relabel_packet); void security_secmark_refcount_inc(void) { - call_void_hook(secmark_refcount_inc); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.secmark_refcount_inc, + list) { + hp->hook.secmark_refcount_inc(); + break; + } } EXPORT_SYMBOL(security_secmark_refcount_inc); void security_secmark_refcount_dec(void) { - call_void_hook(secmark_refcount_dec); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.secmark_refcount_dec, + list) { + hp->hook.secmark_refcount_dec(); + break; + } } EXPORT_SYMBOL(security_secmark_refcount_dec); From patchwork Wed Aug 7 22:42:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11082835 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1C6C51399 for ; Wed, 7 Aug 2019 22:43:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0EEA328A16 for ; Wed, 7 Aug 2019 22:43:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 02EB828AB8; Wed, 7 Aug 2019 22:43:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4EFF728ABC for ; Wed, 7 Aug 2019 22:42:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389413AbfHGWm6 (ORCPT ); Wed, 7 Aug 2019 18:42:58 -0400 Received: from sonic310-23.consmr.mail.bf2.yahoo.com ([74.6.135.197]:43603 
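Review bot: the hlist_for_each_entry() loops in security_secmark_refcount_inc() and security_secmark_refcount_dec() hit an unconditional break on the first iteration, so only the module registered first on each hook head is ever called and every later module is silently skipped; a comment above each loop saying that the first registrant owns the secmark would keep the next reader from treating the break as a bug, and it is worth noting that inc and dec pick the same module only because each module registers both hooks from one hook table. The commit message says this lets a module detect whether the secmark is its own, but nothing here reports back to the caller; a module learns ownership only by seeing its own hook run, which is what the Smack patch that follows relies on, so that convention belongs in the kerneldoc for these two functions.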
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 02/16] Smack: Detect if secmarks can be safely used
Date: Wed, 7 Aug 2019 15:42:31 -0700
Message-Id: <20190807224245.10798-4-casey@schaufler-ca.com>
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>
References: <20190807224245.10798-1-casey@schaufler-ca.com>

Utilize the security_secmark_refcount_inc() hooks to determine if
Smack can safely assume that IP secmarks are not being used by
another LSM. Only use secmarks if they can be determined to belong
to Smack.

Signed-off-by: Casey Schaufler
---
 security/smack/smack.h           | 16 ++++++++++
 security/smack/smack_lsm.c       | 54 +++++++++++++++++++-------------
 security/smack/smack_netfilter.c | 39 +++++++++++++++++++++--
 3 files changed, 85 insertions(+), 24 deletions(-)

diff --git a/security/smack/smack.h b/security/smack/smack.h
index 039bf5de56b4..f28db5a42b7b 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -545,4 +545,20 @@ static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, } #endif +#ifdef CONFIG_SECURITY_SMACK_NETFILTER +extern bool smack_use_secmark; +void smack_secmark_refcount_inc(void); +void smack_secmark_refcount_dec(void); + +static inline bool smk_use_secmark(void) +{ + return smack_use_secmark; +} +#else +static inline bool smk_use_secmark(void) +{ + return false; +} +#endif + #endif /* _SECURITY_SMACK_H */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 40c75205a914..341a9927ed5c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3801,6 +3801,20 @@ static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) } #endif /* CONFIG_IPV6 */ +/** + * smack_from_skb - Smack data from the secmark in an skb + * @skb: packet + * + * Returns smack_known of the secmark or NULL if that won't work. + */ +static struct smack_known *smack_from_skb(struct sk_buff *skb) +{ + if (skb == NULL || skb->secmark == 0 || !smk_use_secmark()) + return NULL; + + return smack_from_secid(skb->secmark); +} + /** * smack_socket_sock_rcv_skb - Smack packet delivery access check * @sk: socket @@ -3829,17 +3843,14 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) switch (family) { case PF_INET: -#ifdef CONFIG_SECURITY_SMACK_NETFILTER /* * If there is a secmark use it rather than the CIPSO label. * If there is no secmark fall back to CIPSO. * The secmark is assumed to reflect policy better. */ - if (skb && skb->secmark != 0) { - skp = smack_from_secid(skb->secmark); + skp = smack_from_skb(skb); + if (skp) goto access_check; - } -#endif /* CONFIG_SECURITY_SMACK_NETFILTER */ /* * Translate what netlabel gave us. */ 
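Review bot: the smack_socket_sock_rcv_skb hunk (@@ -3829) drops the #ifdef CONFIG_SECURITY_SMACK_NETFILTER that used to guard the read of skb->secmark, and the new smack_from_skb() reads skb->secmark unconditionally; struct sk_buff only has that member when CONFIG_NETWORK_SECMARK is set, so a Smack build without network secmarks will no longer compile. Keep smack_from_skb() under #ifdef CONFIG_NETWORK_SECMARK with an inline stub that returns NULL otherwise, or leave the guards at the call sites. Separately, the kerneldoc on smack_from_skb() says it returns NULL "if that won't work"; listing the three cases (no skb, zero secmark, secmarks not owned by Smack per smk_use_secmark()) would put the new ownership rule next to the code that enforces it.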
@@ -3853,9 +3864,8 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) netlbl_secattr_destroy(&secattr); -#ifdef CONFIG_SECURITY_SMACK_NETFILTER access_check: -#endif + #ifdef CONFIG_AUDIT smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); ad.a.u.net->family = family; @@ -3881,9 +3891,8 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) proto != IPPROTO_TCP && proto != IPPROTO_DCCP) break; #ifdef SMACK_IPV6_SECMARK_LABELING - if (skb && skb->secmark != 0) - skp = smack_from_secid(skb->secmark); - else + skp = smack_from_skb(skb); + if (skp == NULL) skp = smack_ipv6host_label(&sadd); if (skp == NULL) skp = smack_net_ambient; @@ -3983,11 +3992,11 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, s = ssp->smk_out->smk_secid; break; case PF_INET: -#ifdef CONFIG_SECURITY_SMACK_NETFILTER - s = skb->secmark; - if (s != 0) + skp = smack_from_skb(skb); + if (skp) { + s = skp->smk_secid; break; -#endif + } /* * Translate what netlabel gave us. */ @@ -4003,7 +4012,9 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, break; case PF_INET6: #ifdef SMACK_IPV6_SECMARK_LABELING - s = skb->secmark; + skp = smack_from_skb(skb); + if (skp) + s = skp->smk_secid; #endif break; } @@ -4075,17 +4086,14 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, } #endif /* CONFIG_IPV6 */ -#ifdef CONFIG_SECURITY_SMACK_NETFILTER /* * If there is a secmark use it rather than the CIPSO label. * If there is no secmark fall back to CIPSO. * The secmark is assumed to reflect policy better. */ - if (skb && skb->secmark != 0) { - skp = smack_from_secid(skb->secmark); + skp = smack_from_skb(skb); + if (skp) goto access_check; - } -#endif /* CONFIG_SECURITY_SMACK_NETFILTER */ netlbl_secattr_init(&secattr); rc = netlbl_skbuff_getattr(skb, family, &secattr); 
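Review bot: in the @@ -3853 hunk the removed #endif is replaced by an empty + line, leaving a blank line between access_check: and #ifdef CONFIG_AUDIT, while the same label in smack_inet_conn_request (next hunk, @@ -4095) gets none; drop the blank line so both sites match. In the smack_socket_getpeersec_dgram PF_INET hunk (@@ -3983) the old code handed back the raw skb->secmark as the secid and the new code returns skp->smk_secid only when smack_from_skb() accepts the mark, which is the right behaviour once another module may own the secmark, but the "Translate what netlabel gave us" comment that follows no longer explains why the secmark path can be skipped; a one-line comment like the one in smack_socket_sock_rcv_skb ("If there is a secmark use it rather than the CIPSO label") would help.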
@@ -4095,9 +4103,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, skp = &smack_known_huh; netlbl_secattr_destroy(&secattr); -#ifdef CONFIG_SECURITY_SMACK_NETFILTER access_check: -#endif #ifdef CONFIG_AUDIT smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); @@ -4673,6 +4679,10 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), #ifdef SMACK_IPV6_PORT_LABELING LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), +#endif +#ifdef CONFIG_SECURITY_SMACK_NETFILTER + LSM_HOOK_INIT(secmark_refcount_inc, smack_secmark_refcount_inc), + LSM_HOOK_INIT(secmark_refcount_dec, smack_secmark_refcount_dec), #endif LSM_HOOK_INIT(sock_graft, smack_sock_graft), LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index 701a1cc1bdcc..7b9c8d5d8408 100644 --- a/security/smack/smack_netfilter.c +++ b/security/smack/smack_netfilter.c @@ -21,6 +21,29 @@ #include #include "smack.h" +bool smack_use_secmark; +static bool smack_checked_secmark; + +/** + * smack_secmark_refcount_inc - Seize the secmark + * + * Note to the rest of the Smack code that secmarks may be used. + */ +void smack_secmark_refcount_inc(void) +{ + smack_use_secmark = true; + pr_info("Smack: Using network secmarks.\n"); +} + +/** + * smack_secmark_refcount_dec - Do nothing about the secmark + * + * Matches the incrementing function, but does nothing. + */ +void smack_secmark_refcount_dec(void) +{ +} + #if IS_ENABLED(CONFIG_IPV6) static unsigned int smack_ipv6_output(void *priv, 
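Review bot: smack_secmark_refcount_inc() in the smack_netfilter.c hunk (@@ -21,6) sets smack_use_secmark = true and calls pr_info() on every invocation, and since smack_secmark_refcount_dec() is deliberately empty the flag is never cleared, so the "Using network secmarks" message repeats each time the count is bumped; log only on the false-to-true transition (if (!smack_use_secmark) { smack_use_secmark = true; pr_info(...); }) or use pr_info_once(). The kerneldoc for the inc function should also state that once Smack has claimed the secmark it keeps it for the life of the system, because smk_use_secmark() in smack.h depends on exactly that. smack_use_secmark is a plain bool written here and read from the packet paths with no ordering; that is fine because it only ever flips one way, but a comment next to the definition should say so.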
@@ -31,7 +54,13 @@ static unsigned int smack_ipv6_output(void *priv, struct socket_smack *ssp; struct smack_known *skp; - if (sk && smack_sock(sk)) { + if (!smack_checked_secmark) { + security_secmark_refcount_inc(); + security_secmark_refcount_dec(); + smack_checked_secmark = true; + } + + if (smack_use_secmark && sk && smack_sock(sk)) { ssp = smack_sock(sk); skp = ssp->smk_out; skb->secmark = skp->smk_secid; 
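Review bot: the probe added to smack_ipv6_output() (if (!smack_checked_secmark) { security_secmark_refcount_inc(); security_secmark_refcount_dec(); smack_checked_secmark = true; }) runs from the netfilter output hook, so it executes per packet until the first one completes and can run on several CPUs at once with no locking on smack_checked_secmark; the race is benign because the inc/dec pair is idempotent, but the same block is repeated verbatim in smack_ipv4_output() in the next hunk, so move it into one small helper (smk_secmark_probe(), say) whose comment explains why racing is harmless. Two consequences deserve a sentence in the commit message: with patch 01 the inc/dec pair reaches only the first module on the hook list, so when Smack is not first some other module sees an inc followed by a dec it never asked for; and the probe cannot run before the first outbound packet, so until then smk_use_secmark() is false and inbound packets take the CIPSO path even on a system where Smack will own the secmark, unless something else has already called security_secmark_refcount_inc().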
@@ -49,7 +78,13 @@ static unsigned int smack_ipv4_output(void *priv, struct socket_smack *ssp; struct smack_known *skp; - if (sk && smack_sock(sk)) { + if (!smack_checked_secmark) { + security_secmark_refcount_inc(); + security_secmark_refcount_dec(); + smack_checked_secmark = true; + } + + if (smack_use_secmark && sk && smack_sock(sk)) { ssp = smack_sock(sk); skp = ssp->smk_out; skb->secmark = skp->smk_secid; From patchwork Wed Aug 7 22:42:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11082829 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 387FB1850 for ; Wed, 7 Aug 2019 22:43:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2C2AD28AD9 for ; Wed, 7 Aug 2019 22:43:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 20DFD28AB8; Wed, 7 Aug 2019 22:43:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C69EB28ADE for ; Wed, 7 Aug 2019 22:43:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389445AbfHGWnA (ORCPT ); Wed, 7 Aug 2019 18:43:00 -0400 Received: from sonic309-22.consmr.mail.bf2.yahoo.com ([74.6.129.196]:44142 "EHLO sonic309-22.consmr.mail.bf2.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388910AbfHGWnA (ORCPT ); Wed, 7 Aug 2019 18:43:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; 
Received: by smtp429.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 824faaf1f4a5ffbf9b87c6192a4b2124; Wed, 07 Aug 2019 22:42:55 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov Subject: [PATCH v7 03/16] LSM: Support multiple LSMs using inode_init_security Date: Wed, 7 Aug 2019 15:42:32 -0700 Message-Id: <20190807224245.10798-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com> References: <20190807224245.10798-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Refactor security_inode_init_security() so that it can do the integrity processing for more than one LSM. Signed-off-by: Casey Schaufler --- security/security.c | 48 +++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 19 deletions(-) diff --git a/security/security.c b/security/security.c index 0467f194d87d..a58e60970035 100644 --- a/security/security.c +++ b/security/security.c @@ -1096,9 +1096,10 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr, const initxattrs initxattrs, void *fs_data) { - struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1]; - struct xattr *lsm_xattr, *evm_xattr, *xattr; - int ret; + struct security_hook_list *p; + struct xattr *repo; + int rc; + int i; if (unlikely(IS_PRIVATE(inode))) return 0; 
@@ -1106,24 +1107,33 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, if (!initxattrs) return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, NULL, NULL, NULL); - memset(new_xattrs, 0, sizeof(new_xattrs)); - lsm_xattr = new_xattrs; - ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, - &lsm_xattr->name, - &lsm_xattr->value, - &lsm_xattr->value_len); - if (ret) - goto out; - evm_xattr = lsm_xattr + 1; - ret = evm_inode_init_security(inode, lsm_xattr, evm_xattr); - if (ret) - goto out; - ret = initxattrs(inode, new_xattrs, fs_data); + repo = kzalloc((LSM_COUNT * 2) * sizeof(*repo), GFP_NOFS); + if (repo == NULL) + return -ENOMEM; + + i = 0; + rc = -EOPNOTSUPP; + hlist_for_each_entry(p, &security_hook_heads.inode_init_security, + list) { + rc = p->hook.inode_init_security(inode, dir, qstr, + &repo[i].name, &repo[i].value, + &repo[i].value_len); + if (rc) + goto out; + + rc = evm_inode_init_security(inode, &repo[i], &repo[i + 1]); + if (rc) + goto out; + + i += 2; + } + rc = initxattrs(inode, repo, fs_data); out: - for (xattr = new_xattrs; xattr->value != NULL; xattr++) - kfree(xattr->value); - return (ret == -EOPNOTSUPP) ? 0 : ret; + for (i-- ; i >= 0; i--) + kfree(repo[i].value); + kfree(repo); + return (rc == -EOPNOTSUPP) ? 
0 : rc; } EXPORT_SYMBOL(security_inode_init_security); From patchwork Wed Aug 7 22:42:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11082831 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9B6BA1709 for ; Wed, 7 Aug 2019 22:43:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8CA6928AB8 for ; Wed, 7 Aug 2019 22:43:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 80C4928ABA; Wed, 7 Aug 2019 22:43:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 31C8928ADE for ; Wed, 7 Aug 2019 22:43:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389454AbfHGWnA (ORCPT ); Wed, 7 Aug 2019 18:43:00 -0400 Received: from sonic303-28.consmr.mail.ne1.yahoo.com ([66.163.188.154]:34261 "EHLO sonic303-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389109AbfHGWnA (ORCPT ); Wed, 7 Aug 2019 18:43:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1565217779; bh=6n13r+TGuRrCgC6xMf8Ht0oQXK5h6JL9/vz8UiExqsE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; 
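Review bot: the error path in the @@ -1106 hunk of security_inode_init_security() leaks a module's xattr value when evm_inode_init_security() fails: after p->hook.inode_init_security() has filled repo[i], i is not advanced until the EVM call succeeds, so goto out with i unchanged makes for (i--; i >= 0; i--) kfree(repo[i].value) free repo[0..i-1] and skip repo[i].value. Either advance i as soon as the hook has filled its slot, or free all LSM_COUNT * 2 entries unconditionally and rely on kzalloc() having zeroed the unused ones (kfree(NULL) is a no-op). Three more points on the same hunk. A module that returns -EOPNOTSUPP now aborts the loop and the function returns 0 without calling initxattrs() at all, so every module later in the list loses its xattr; with several providers the loop should continue on -EOPNOTSUPP and only a real error should be fatal. The old array was sized MAX_LSM_EVM_XATTR + 1 and zeroed so that a spare NULL entry terminates the list handed to initxattrs(); kzalloc((LSM_COUNT * 2) * sizeof(*repo), GFP_NOFS) has no spare slot, so if every slot is filled there is no terminator (assuming LSM_COUNT bounds the modules registering this hook, allocate LSM_COUNT * 2 + 1). And evm_inode_init_security() is now called once per module with only that module's xattr, so the filesystem may receive several EVM entries (repo[1], repo[3], ...) each computed over a single xattr; please confirm that is what EVM expects, or collect all LSM xattrs first and call EVM once over the whole set.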
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 04/16] LSM: List multiple security attributes in security_inode_listsecurity
Date: Wed, 7 Aug 2019 15:42:33 -0700
Message-Id: <20190807224245.10798-6-casey@schaufler-ca.com>
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>
References: <20190807224245.10798-1-casey@schaufler-ca.com>

Listing security extended attributes is extended to the case where
there is more than one security module that provides them. The same
format used in other xattr list providers: name1\0name2\0name3 is used.

Signed-off-by: Casey Schaufler
---
 security/security.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/security/security.c b/security/security.c
index a58e60970035..87cb3562646b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1475,9 +1475,34 @@ int security_inode_setsecurity(struct inode *inode, const char *name, const void int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) { + struct security_hook_list *hp; + bool first = true; + int finallen = 0; + int len; + if (unlikely(IS_PRIVATE(inode))) return 0; - return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size); + + hlist_for_each_entry(hp, &security_hook_heads.inode_listsecurity, + list) { + len = hp->hook.inode_listsecurity(inode, buffer, buffer_size); + if (len < buffer_size) { + if (buffer) + buffer[len] = '\0'; + buffer_size -= len + 1; + } else { + buffer = NULL; + buffer_size = 0; + } + if (first) { + finallen = len; + first = false; + } else + finallen += len + 1; + if (buffer) + buffer += len + 1; + } + return finallen; } EXPORT_SYMBOL(security_inode_listsecurity); From patchwork Wed Aug 7 22:42:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11082843 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BE03A1709 for ; Wed, 7 Aug 2019 22:43:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B23A428A16 for ; Wed, 7 Aug 2019 22:43:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A650528AC6; Wed, 7 Aug 2019 22:43:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6722128A16 for ; Wed, 7 Aug 2019 22:43:06 +0000 (UTC) 
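Review bot: the loop in security_inode_listsecurity() never checks for a negative return from a module's inode_listsecurity hook: len is an int and buffer_size a size_t, so a negative len converts to a huge unsigned value in if (len < buffer_size), takes the else branch, and is then added into finallen as though it were a length; add if (len < 0) return len; right after the hook call. On the same hunk, the byte accounting writes len + 1 bytes per module (the module's len plus the '\0' stored at buffer[len]) yet counts only len for the first module, so the value returned is one less than the bytes written; decide whether a module's len includes its own NUL terminator and put that in the hook contract, because with the opposite convention the name1\0name2\0name3 output ends up with a doubled NUL or a truncated last name. The first flag exists only to avoid counting a separator before the first name; accumulating len + 1 for every module and returning finallen - 1 when finallen > 0 removes the special case and makes the arithmetic easier to check.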
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 05/16] LSM: Multiple modules using security_ismaclabel
Date: Wed, 7 Aug 2019 15:42:34 -0700
Message-Id: <20190807224245.10798-7-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>
References: <20190807224245.10798-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID:
X-Virus-Scanned: ClamAV using ClamSMTP

Correct the infrastructure logic calling ismaclabel hooks to reflect the yes/no result of the call. Instead of the usual "any failure is an error" this hook uses "any success is success".

Signed-off-by: Casey Schaufler
---
security/security.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/security/security.c b/security/security.c index 87cb3562646b..13102d16bf2c 100644 --- a/security/security.c +++ b/security/security.c
@@ -2212,7 +2212,12 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb) int security_ismaclabel(const char *name) { - return call_int_hook(ismaclabel, 0, name); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.ismaclabel, list) + if (hp->hook.ismaclabel(name) != 0) + return 1; + return 0; } EXPORT_SYMBOL(security_ismaclabel);

From patchwork Wed Aug 7 22:42:35 2019
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11082851
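Review bot: The "any success is success" loop this patch puts into security_ismaclabel (hunk @@ -2212,7 +2212,12 @@ of security/security.c, patch 05/16) is rewritten one patch later in the same series: 06/16 replaces the `if (hp->hook.ismaclabel(name) != 0) return 1;` body with `return hp->hook.ismaclabel(name);`, a first-module-only answer. The semantic established here therefore never survives past the next commit; either fold the two changes together or say in this commit message that any-yes-wins is an intermediate step on the way to the first-module rule. If the loop stays, note that it also collapses whatever a hook returns into 1, which is fine for a yes/no hook but deserves the kernel-doc comment that 06/16 adds anyway.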
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 06/16] LSM: Make multiple MAC modules safe in nfs and kernfs
Date: Wed, 7 Aug 2019 15:42:35 -0700
Message-Id: <20190807224245.10798-8-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>
References: <20190807224245.10798-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID:
X-Virus-Scanned: ClamAV using ClamSMTP

Add use of "compound" security contexts to kernfs so that multiple security modules using contexts can be represented in the internal kernfs data. Disambiguate which security module will be represented in NFS4.2 transactions by using only the first encountered ismaclabel hook.

Signed-off-by: Casey Schaufler
---
fs/kernfs/inode.c | 3 +-
fs/nfs/inode.c | 9 +-
fs/nfsd/nfs4proc.c | 6 +-
fs/nfsd/vfs.c | 5 +-
include/linux/security.h | 10 ++-
security/security.c | 179 ++++++++++++++++++++++++++-------------
6 files changed, 143 insertions(+), 69 deletions(-)

diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c index ffbf7863306d..cd225121aff7 100644 --- a/fs/kernfs/inode.c +++ b/fs/kernfs/inode.c
@@ -185,8 +185,7 @@ static void kernfs_refresh_inode(struct kernfs_node *kn, struct inode *inode) * persistent copy in kernfs_node. */ set_inode_attr(inode, &attrs->ia_iattr); - security_inode_notifysecctx(inode, attrs->ia_context.context, - attrs->ia_context.len); + security_inode_notifysecctx(inode, &attrs->ia_context); } if (kernfs_type(kn) == KERNFS_DIR) diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c index 414a90d48493..8acc5eef4d08 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -341,13 +341,16 @@ void nfs_setsecurity(struct inode *inode, struct nfs_fattr *fattr, struct nfs4_label *label) { int error; + struct lsmcontext context = { .slot = LSMBLOB_FIRST }; if (label == NULL) return; - if ((fattr->valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL) && inode->i_security) { - error = security_inode_notifysecctx(inode, label->label, - label->len); + if ((fattr->valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL) && + inode->i_security) { + context.context = label->label; + context.len = label->len; + error = security_inode_notifysecctx(inode, &context); if (error) printk(KERN_ERR "%s() %s %d " "security_inode_notifysecctx() %d\n", diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 0cfd257ffdaf..0f166c81f596 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -54,12 +54,14 @@ static inline void nfsd4_security_inode_setsecctx(struct svc_fh *resfh, struct xdr_netobj *label, u32 *bmval) { + struct lsmcontext context = { .slot = LSMBLOB_FIRST }; struct inode *inode = d_inode(resfh->fh_dentry); int status; inode_lock(inode); - status = security_inode_setsecctx(resfh->fh_dentry, - label->data, label->len); + context.context = label->data; + context.len = label->len; + status = security_inode_setsecctx(resfh->fh_dentry, &context); inode_unlock(inode); if (status) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 7dc98e14655d..274a998cc123 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c 
@@ -531,6 +531,7 @@ __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp, __be32 error; int host_error; struct dentry *dentry; + struct lsmcontext context = { .slot = LSMBLOB_FIRST }; error = fh_verify(rqstp, fhp, 0 /* S_IFREG */, NFSD_MAY_SATTR); if (error) @@ -539,7 +540,9 @@ __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp, dentry = fhp->fh_dentry; inode_lock(d_inode(dentry)); - host_error = security_inode_setsecctx(dentry, label->data, label->len); + context.context = label->data; + context.len = label->len; + host_error = security_inode_setsecctx(dentry, &context); inode_unlock(d_inode(dentry)); return nfserrno(host_error); } diff --git a/include/linux/security.h b/include/linux/security.h index 0665a27a2891..2f442746dede 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -493,8 +493,8 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); -int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); -int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); +int security_inode_notifysecctx(struct inode *inode, struct lsmcontext *cp); +int security_inode_setsecctx(struct dentry *dentry, struct lsmcontext *cp); int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp); #else /* CONFIG_SECURITY */ @@ -1288,11 +1288,13 @@ static inline void security_inode_invalidate_secctx(struct inode *inode) { } -static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) +static inline int security_inode_notifysecctx(struct inode *inode, + struct lsmcontext *cp); { return -EOPNOTSUPP; } -static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) +static inline int security_inode_setsecctx(struct dentry *dentry, + struct lsmcontext *cp) { return -EOPNOTSUPP; } 
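Review bot: The !CONFIG_SECURITY stub in the @@ -1288,11 +1288,13 @@ hunk of include/linux/security.h has a stray semicolon after its parameter list: `static inline int security_inode_notifysecctx(struct inode *inode,` / `struct lsmcontext *cp);` is immediately followed by `{`, which ends the declaration and leaves the `{ return -EOPNOTSUPP; }` as a bare block at file scope, so the header will not compile with CONFIG_SECURITY disabled. Drop the `;` so it matches the security_inode_setsecctx stub just below it.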
diff --git a/security/security.c b/security/security.c index 13102d16bf2c..c71ddae6760e 100644 --- a/security/security.c +++ b/security/security.c @@ -743,6 +743,42 @@ static int lsm_superblock_alloc(struct super_block *sb) return 0; } +/** + * append_ctx - append a lsm/context pair to a compound context + * @ctx: the existing compound context + * @ctxlen: size of the old context, including terminating nul byte + * @lsm: new lsm name, nul terminated + * @new: new context, possibly nul terminated + * @newlen: maximum size of @new + * + * replace @ctx with a new compound context, appending @newlsm and @new + * to @ctx. On exit the new data replaces the old, which is freed. + * @ctxlen is set to the new size, which includes a trailing nul byte. + * + * Returns 0 on success, -ENOMEM if no memory is available. + */ +static int append_ctx(char **ctx, int *ctxlen, const char *lsm, char *new, + int newlen) +{ + char *final; + int llen; + + llen = strlen(lsm) + 1; + newlen = strnlen(new, newlen) + 1; + + final = kzalloc(*ctxlen + llen + newlen, GFP_KERNEL); + if (final == NULL) + return -ENOMEM; + if (*ctxlen) + memcpy(final, *ctx, *ctxlen); + memcpy(final + *ctxlen, lsm, llen); + memcpy(final + *ctxlen + llen, new, newlen); + kfree(*ctx); + *ctx = final; + *ctxlen = *ctxlen + llen + newlen; + return 0; +} + /* * Hook list operation macros. * @@ -2083,12 +2119,8 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, struct security_hook_list *hp; char *final = NULL; char *cp; - char *tp; int rc = 0; int finallen = 0; - int llen; - int clen; - int tlen; int display = lsm_task_display(current); int slot = 0; 
@@ -2116,26 +2148,12 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, kfree(final); return rc; } - llen = strlen(hp->lsmid->lsm) + 1; - clen = strlen(cp) + 1; - tlen = llen + clen; - if (final) - tlen += finallen; - tp = kzalloc(tlen, GFP_KERNEL); - if (tp == NULL) { - kfree(cp); + rc = append_ctx(&final, &finallen, hp->lsmid->lsm, + cp, rc); + if (rc < 0) { kfree(final); - return -ENOMEM; + return rc; } - if (final) - memcpy(tp, final, finallen); - memcpy(tp + finallen, hp->lsmid->lsm, llen); - memcpy(tp + finallen + llen, cp, clen); - kfree(cp); - if (final) - kfree(final); - final = tp; - finallen = tlen; } if (final == NULL) return -EINVAL; @@ -2210,13 +2228,22 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb) return call_int_hook(netlink_send, 0, sk, skb); } +/** + * security_ismaclabel - Does @name identify a MAC attribute + * @name: attribute name in question + * + * If @name is the name of a Mandatory Access Control (MAC) attribute + * that the first module on the list recognizes return 1. Don't look + * beyond the first module, as this is only used by NFS and NFS can't + * differentiate which module to use. + */ int security_ismaclabel(const char *name) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.ismaclabel, list) - if (hp->hook.ismaclabel(name) != 0) - return 1; + return hp->hook.ismaclabel(name); + return 0; } EXPORT_SYMBOL(security_ismaclabel); @@ -2284,6 +2311,15 @@ void security_release_secctx(struct lsmcontext *cp) struct security_hook_list *hp; bool found = false; + if (cp->slot == LSMBLOB_INVALID) + return; + + if (cp->slot == LSMBLOB_COMPOUND) { + kfree(cp->context); + found = true; + goto clear_out; + } + hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) if (cp->slot == hp->lsmid->slot) { hp->hook.release_secctx(cp->context, cp->len); 
@@ -2291,6 +2327,7 @@ void security_release_secctx(struct lsmcontext *cp) break; } +clear_out: memset(cp, 0, sizeof(*cp)); if (!found) 
@@ -2305,30 +2342,82 @@ void security_inode_invalidate_secctx(struct inode *inode) } EXPORT_SYMBOL(security_inode_invalidate_secctx); -int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) +int security_inode_notifysecctx(struct inode *inode, struct lsmcontext *cp) { - return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen); + struct security_hook_list *hp; + char *raw = cp->context; + char *ctx; + int llen; + int clen; + int rc; + + if (cp->slot == LSMBLOB_COMPOUND) { + hlist_for_each_entry(hp, + &security_hook_heads.inode_notifysecctx, list) { + llen = strlen(raw) + 1; + ctx = raw + llen; + clen = strlen(ctx) + 1; + if (!strcmp(hp->lsmid->lsm, raw)) { + rc = hp->hook.inode_notifysecctx(inode, ctx, + clen); + if (WARN_ON(rc != 0)) + return rc; + } + raw = ctx + clen; + } + return 0; + } + + hlist_for_each_entry(hp, &security_hook_heads.inode_notifysecctx, list) + if (cp->slot == LSMBLOB_FIRST || cp->slot == hp->lsmid->slot) + return hp->hook.inode_notifysecctx(inode, cp->context, + cp->len); + return 0; } EXPORT_SYMBOL(security_inode_notifysecctx); -int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) +int security_inode_setsecctx(struct dentry *dentry, struct lsmcontext *cp) { - return call_int_hook(inode_setsecctx, 0, dentry, ctx, ctxlen); + struct security_hook_list *hp; + + if (WARN_ON(cp->slot != LSMBLOB_FIRST)) + return -EINVAL; + + hlist_for_each_entry(hp, &security_hook_heads.inode_setsecctx, list) + return hp->hook.inode_setsecctx(dentry, cp->context, cp->len); + return 0; } EXPORT_SYMBOL(security_inode_setsecctx); int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp) { struct security_hook_list *hp; + char *finalctx = NULL; + int rc = -EOPNOTSUPP; + int finallen = 0; memset(cp, 0, sizeof(*cp)); hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) { + rc = hp->hook.inode_getsecctx(inode, (void **)&cp->context, + &cp->len); + if (rc) { + kfree(finalctx); + return rc; + } 
cp->slot = hp->lsmid->slot; - return hp->hook.inode_getsecctx(inode, (void **)&cp->context, - &cp->len); + rc = append_ctx(&finalctx, &finallen, hp->lsmid->lsm, + cp->context, cp->len); + security_release_secctx(cp); + if (rc) { + kfree(finalctx); + return rc; + } } - return -EOPNOTSUPP; + cp->slot = LSMBLOB_COMPOUND; + cp->context = finalctx; + cp->len = finallen; + return 0; } EXPORT_SYMBOL(security_inode_getsecctx); @@ -2433,12 +2522,9 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, struct security_hook_list *hp; char *final = NULL; char *cp; - char *tp; int rc = 0; unsigned finallen = 0; - unsigned llen; unsigned clen = 0; - unsigned tlen; switch (display) { case LSMBLOB_DISPLAY: 
@@ -2471,29 +2557,8 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, kfree(final); return rc; } - /* - * Don't propogate trailing nul bytes. - */ - clen = strnlen(cp, clen) + 1; - llen = strlen(hp->lsmid->lsm) + 1; - tlen = llen + clen; - if (final) - tlen += finallen; - tp = kzalloc(tlen, GFP_KERNEL); - if (tp == NULL) { - kfree(cp); - kfree(final); - return -ENOMEM; - } - if (final) - memcpy(tp, final, finallen); - memcpy(tp + finallen, hp->lsmid->lsm, llen); - memcpy(tp + finallen + llen, cp, clen); - kfree(cp); - if (final) - kfree(final); - final = tp; - finallen = tlen; + rc = append_ctx(&final, &finallen, hp->lsmid->lsm, + cp, clen); } if (final == NULL) return -EINVAL;

From patchwork Wed Aug 7 22:42:36 2019
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11082849
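Review bot: Two problems with append_ctx in the @@ -743,6 +743,42 @@ hunk of security/security.c (patch 06/16). The kernel-doc describes a parameter @newlsm that does not exist; the argument is named @lsm. More importantly, the doc says @new is "possibly nul terminated" and @newlen is its maximum size, but the body does `newlen = strnlen(new, newlen) + 1;` and then `memcpy(final + *ctxlen + llen, new, newlen);`: when @new is not terminated within @newlen, strnlen returns the full @newlen and the memcpy reads one byte past the end of @new. Copy only the strnlen result and let the kzalloc'd buffer supply the terminator. The doc should also state that @new is copied, not consumed (only *ctx is freed), since that is what the callers need to know.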
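Review bot: The security_getprocattr hunk @@ -2116,26 +2148,12 @@ of security/security.c leaks the buffer `cp` that the getprocattr hook allocated: the removed block called `kfree(cp);` on both the success path and the -ENOMEM path, and the replacement `rc = append_ctx(&final, &finallen, hp->lsmid->lsm, cp, rc);` copies `cp` into a fresh allocation without ever releasing it. Add `kfree(cp);` directly after the append_ctx call, before the `if (rc < 0)` check, so both outcomes free it.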
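Review bot: Two points on the @@ -2305,30 +2342,82 @@ hunk of security/security.c. First, the LSMBLOB_COMPOUND branch of security_inode_notifysecctx advances `raw` by one lsm/context pair for every entry on the inode_notifysecctx hook list, whether or not `strcmp(hp->lsmid->lsm, raw)` matched, and never checks `raw` against `cp->context + cp->len`. That only works if the compound was built by exactly the modules on this list, in this order; a module that registers inode_getsecctx but not inode_notifysecctx (or the reverse), or a compound with fewer pairs, desynchronises the walk and the `strlen(raw)` calls run off the end of the buffer. Iterate over the pairs while `raw < cp->context + cp->len` and look up the hook by name for each pair instead. Second, security_inode_getsecctx now ends with an unconditional `return 0;` after setting `cp->slot = LSMBLOB_COMPOUND`, so with no inode_getsecctx hook registered it returns success with a NULL context and len 0; the `int rc = -EOPNOTSUPP;` initialiser is dead. Either `return rc;` there (which preserves -EOPNOTSUPP for an empty list, since a successful loop leaves rc at 0) or document that an empty compound is a valid result for callers that used to test for -EOPNOTSUPP.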
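Review bot: In the security_socket_getpeersec_stream hunk @@ -2471,29 +2557,8 @@ of security/security.c the return value of append_ctx is stored in `rc` but never examined, so an -ENOMEM is silently dropped and the loop continues with whatever `final` still points at; the code being removed returned -ENOMEM at this point. The same hunk also discards the `kfree(cp)` that released the hook-allocated buffer, so `cp` now leaks on every iteration. Suggest `kfree(cp); if (rc) { kfree(final); return rc; }` immediately after the append_ctx call.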
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 07/16] LSM: Correct handling of ENOSYS in inode_setxattr
Date: Wed, 7 Aug 2019 15:42:36 -0700
Message-Id: <20190807224245.10798-9-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>
References: <20190807224245.10798-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID:
X-Virus-Scanned: ClamAV using ClamSMTP

The usual "bail on fail" behavior of LSM hooks doesn't work for security_inode_setxattr(). Modules are allowed to return -ENOSYS if the attribute specified isn't one they manage. Fix the code to accommodate this unusual case. This requires changes to the hooks in SELinux and Smack.

Signed-off-by: Casey Schaufler
---
security/security.c | 28 ++++++++++++++--------------
security/selinux/hooks.c | 7 ++-----
security/smack/smack_lsm.c | 10 +++++-----
3 files changed, 21 insertions(+), 24 deletions(-)

diff --git a/security/security.c b/security/security.c index c71ddae6760e..e3ea48c87dba 100644 --- a/security/security.c +++ b/security/security.c
@@ -1397,24 +1397,24 @@ int security_inode_getattr(const struct path *path) int security_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { - int ret; + struct security_hook_list *hp; + int rc = -ENOSYS; if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; - /* - * SELinux and Smack integrate the cap call, - * so assume that all LSMs supplying this call do so. - */ - ret = call_int_hook(inode_setxattr, 1, dentry, name, value, size, - flags); - if (ret == 1) - ret = cap_inode_setxattr(dentry, name, value, size, flags); - if (ret) - return ret; - ret = ima_inode_setxattr(dentry, name, value, size); - if (ret) - return ret; + hlist_for_each_entry(hp, &security_hook_heads.inode_setxattr, list) { + rc = hp->hook.inode_setxattr(dentry, name, value, size, flags); + if (rc != -ENOSYS) + break; + } + if (rc == -ENOSYS) + rc = cap_inode_setxattr(dentry, name, value, size, flags); + if (rc) + return rc; + rc = ima_inode_setxattr(dentry, name, value, size); + if (rc) + return rc; return evm_inode_setxattr(dentry, name, value, size); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5e7d61754798..021694b4aca7 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3125,13 +3125,10 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, int rc = 0; if (strcmp(name, XATTR_NAME_SELINUX)) { - rc = cap_inode_setxattr(dentry, name, value, size, flags); - if (rc) - return rc; - /* Not an attribute we recognize, so just check the ordinary setattr permission. */ - return dentry_has_perm(current_cred(), dentry, FILE__SETATTR); + rc = dentry_has_perm(current_cred(), dentry, FILE__SETATTR); + return rc ? rc : -ENOSYS; } sbsec = selinux_superblock(inode->i_sb); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 341a9927ed5c..f253d569dee6 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -1264,7 +1264,7 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) rc = -EINVAL; } else - rc = cap_inode_setxattr(dentry, name, value, size, flags); + rc = -ENOSYS; if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) rc = -EPERM; 
@@ -1278,11 +1278,11 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, rc = -EINVAL; } - smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); - smk_ad_setfield_u_fs_path_dentry(&ad, dentry); - if (rc == 0) { - rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), + MAY_WRITE, &ad); rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); }

From patchwork Wed Aug 7 22:42:37 2019
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11082839
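Review bot: The new contract in security_inode_setxattr (hunk @@ -1397,24 +1397,24 @@ of security/security.c, patch 07/16), under which a hook returns -ENOSYS to say "not my attribute, ask the next module" and any other value, including 0, ends the walk, exists only in this commit message: the diffstat shows include/linux/lsm_hooks.h is untouched, so the inode_setxattr hook description still documents the ordinary bail-on-fail convention. A third module written against that description would return 0 for a foreign attribute and silently stop the remaining modules and cap_inode_setxattr from ever seeing the request. Please add the -ENOSYS rule, and the fact that the first non-ENOSYS result is final, to the hook documentation in the same patch.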
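Review bot: The selinux_inode_setxattr hunk @@ -3125,13 +3125,10 @@ of security/selinux/hooks.c reverses the order of the two checks for non-SELinux attributes: cap_inode_setxattr used to run first and dentry_has_perm(FILE__SETATTR) second, whereas now dentry_has_perm runs inside the module and the capability check happens afterwards in the infrastructure, and only once every module has returned -ENOSYS. Both checks still have to pass, so the access decision is unchanged, but a request that would have been refused by the capability check now goes through the SELinux permission check first; that ordering change is worth a sentence in the commit message.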
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 08/16] LSM: Infrastructure security blobs for mount options
Date: Wed, 7 Aug 2019 15:42:37 -0700
Message-Id: <20190807224245.10798-10-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>
References: <20190807224245.10798-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID:
X-Virus-Scanned: ClamAV using ClamSMTP

Manage LSM data for mount options in the infrastructure rather than in the individual modules. This allows multiple security modules to provide mount options.

Signed-off-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 5 +++++
security/security.c | 18 ++++++++++++++++++
security/selinux/hooks.c | 31 ++++++++++++++++++-------------
security/smack/smack_lsm.c | 19 +++++++++++++------
4 files changed, 54 insertions(+), 19 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index b0f788bf82b6..a54a2f4788af 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2060,6 +2060,7 @@ struct lsm_blob_sizes { int lbs_key; int lbs_msg_msg; int lbs_task; + int lbs_mnt_opts; }; /* @@ -2148,4 +2149,8 @@ static inline int lsm_task_display(struct task_struct *task) return LSMBLOB_INVALID; } +#ifdef CONFIG_SECURITY +void *lsm_mnt_opts_alloc(void); +#endif + #endif /* ! __LINUX_LSM_HOOKS_H */
diff --git a/security/security.c b/security/security.c index e3ea48c87dba..6dbc7ed2a00d 100644 --- a/security/security.c +++ b/security/security.c @@ -183,6 +183,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) #ifdef CONFIG_KEYS lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key); #endif + lsm_set_blob_size(&needed->lbs_mnt_opts, &blob_sizes.lbs_mnt_opts); lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); @@ -321,6 +322,7 @@ static void __init ordered_lsm_init(void) #ifdef CONFIG_KEYS init_debug("key blob size = %d\n", blob_sizes.lbs_key); #endif /* CONFIG_KEYS */ + init_debug("mnt_opts blob size = %d\n", blob_sizes.lbs_mnt_opts); init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); @@ -779,6 +781,21 @@ static int append_ctx(char **ctx, int *ctxlen, const char *lsm, char *new, return 0; } +/** + * lsm_mnt_opts_alloc - allocate a composite mnt_opts blob + * + * Allocate the mount options blob + * + * Returns the blob, or NULL if memory can't be allocated. + */ +void *lsm_mnt_opts_alloc(void) +{ + if (blob_sizes.lbs_mnt_opts == 0) + return NULL; + + return kzalloc(blob_sizes.lbs_mnt_opts, GFP_KERNEL); +} + /* * Hook list operation macros. * @@ -974,6 +991,7 @@ void security_free_mnt_opts(void **mnt_opts) if (!*mnt_opts) return; call_void_hook(sb_free_mnt_opts, *mnt_opts); + kfree(*mnt_opts); *mnt_opts = NULL; } EXPORT_SYMBOL(security_free_mnt_opts); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 021694b4aca7..65bd62dca9e9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -383,14 +383,20 @@ struct selinux_mnt_opts { const char *fscontext, *context, *rootcontext, *defcontext; }; +static void *selinux_mnt_opts(void *mnt_opts) +{ + if (mnt_opts) + return mnt_opts + selinux_blob_sizes.lbs_mnt_opts; + return NULL; +} + static void selinux_free_mnt_opts(void *mnt_opts) { - struct selinux_mnt_opts *opts = mnt_opts; + struct selinux_mnt_opts *opts = selinux_mnt_opts(mnt_opts); kfree(opts->fscontext); kfree(opts->context); kfree(opts->rootcontext); kfree(opts->defcontext); - kfree(opts); } static inline int inode_doinit(struct inode *inode) @@ -638,7 +644,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, const struct cred *cred = current_cred(); struct superblock_security_struct *sbsec = selinux_superblock(sb); struct dentry *root = sbsec->sb->s_root; - struct selinux_mnt_opts *opts = mnt_opts; + struct selinux_mnt_opts *opts = selinux_mnt_opts(mnt_opts); struct inode_security_struct *root_isec; u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; u32 defcontext_sid = 0; @@ -653,7 +659,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, server is ready to handle calls. */ goto out; } - rc = -EINVAL; + /* Don't set any SELinux options. Allow any other LSM + that's on the stack to do so. */ pr_warn("SELinux: Unable to set superblock options " "before the security server is initialized\n"); goto out; @@ -980,16 +987,17 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, static int selinux_add_opt(int token, const char *s, void **mnt_opts) { - struct selinux_mnt_opts *opts = *mnt_opts; + struct selinux_mnt_opts *opts = selinux_mnt_opts(*mnt_opts); if (token == Opt_seclabel) /* eaten and completely ignored */ return 0; if (!opts) { - opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL); + opts = lsm_mnt_opts_alloc(); if (!opts) return -ENOMEM; *mnt_opts = opts; + opts = selinux_mnt_opts(opts); } if (!s) return -ENOMEM; 
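Review bot: in the selinux_set_mnt_opts hunk, removing `rc = -EINVAL;` turns the `goto out` into a success path: a mount that carries fscontext/context/rootcontext/defcontext before the policy is loaded now succeeds with none of them applied, while the pr_warn that follows still says "Unable to set superblock options" as if the mount were refused. Neither the new comment nor the commit message mentions this behaviour change; please state it in the commit message and reword the warning to say the SELinux options were ignored. Style: the multi-line comment should use the kernel block form with each continuation line starting with ` * `.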
@@ -1042,10 +1050,8 @@ static int selinux_add_mnt_opt(const char *option, const char *val, int len, rc = selinux_add_opt(token, val, mnt_opts); if (unlikely(rc)) { kfree(val); - if (*mnt_opts) { + if (*mnt_opts) selinux_free_mnt_opts(*mnt_opts); - *mnt_opts = NULL; - } } return rc; } @@ -2645,10 +2651,8 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts) rc = selinux_add_opt(token, arg, mnt_opts); if (unlikely(rc)) { kfree(arg); - if (*mnt_opts) { + if (*mnt_opts) selinux_free_mnt_opts(*mnt_opts); - *mnt_opts = NULL; - } return rc; } } else { @@ -2671,7 +2675,7 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts) static int selinux_sb_remount(struct super_block *sb, void *mnt_opts) { - struct selinux_mnt_opts *opts = mnt_opts; + struct selinux_mnt_opts *opts = selinux_mnt_opts(mnt_opts); struct superblock_security_struct *sbsec = selinux_superblock(sb); u32 sid; int rc; @@ -6640,6 +6644,7 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { #ifdef CONFIG_KEYS .lbs_key = sizeof(struct key_security_struct), #endif /* CONFIG_KEYS */ + .lbs_mnt_opts = sizeof(struct selinux_mnt_opts), .lbs_msg_msg = sizeof(struct msg_security_struct), .lbs_sock = sizeof(struct sk_security_struct), .lbs_superblock = sizeof(struct superblock_security_struct), diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index f253d569dee6..a9fb5f53a248 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
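Review bot: the error paths in the selinux_add_mnt_opt and selinux_sb_eat_lsm_opts hunks still call selinux_free_mnt_opts(*mnt_opts) but no longer clear *mnt_opts, and selinux_free_mnt_opts (earlier in this patch) now only kfree()s fscontext/context/rootcontext/defcontext without resetting those pointers or freeing the blob. The caller is therefore left holding a blob whose string pointers are already freed: if it later releases it through security_free_mnt_opts(), selinux_free_mnt_opts runs a second time on the same pointers, and if it does not, the blob leaks. Call security_free_mnt_opts(mnt_opts) on this path instead, which frees the blob and clears the pointer, or have selinux_free_mnt_opts set each pointer to NULL after kfree().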
@@ -557,26 +557,33 @@ struct smack_mnt_opts { const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; }; +static void *smack_mnt_opts(void *opts) +{ + if (opts) + return opts + smack_blob_sizes.lbs_mnt_opts; + return NULL; +} + static void smack_free_mnt_opts(void *mnt_opts) { - struct smack_mnt_opts *opts = mnt_opts; + struct smack_mnt_opts *opts = smack_mnt_opts(mnt_opts); kfree(opts->fsdefault); kfree(opts->fsfloor); kfree(opts->fshat); kfree(opts->fsroot); kfree(opts->fstransmute); - kfree(opts); } static int smack_add_opt(int token, const char *s, void **mnt_opts) { - struct smack_mnt_opts *opts = *mnt_opts; + struct smack_mnt_opts *opts = smack_mnt_opts(*mnt_opts); if (!opts) { - opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); + opts = lsm_mnt_opts_alloc(); if (!opts) return -ENOMEM; *mnt_opts = opts; + opts = smack_mnt_opts(opts); } if (!s) return -ENOMEM; @@ -724,7 +731,6 @@ static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) kfree(arg); if (*mnt_opts) smack_free_mnt_opts(*mnt_opts); - *mnt_opts = NULL; return rc; } } else { @@ -767,7 +773,7 @@ static int smack_set_mnt_opts(struct super_block *sb, struct superblock_smack *sp = smack_superblock(sb); struct inode_smack *isp; struct smack_known *skp; - struct smack_mnt_opts *opts = mnt_opts; + struct smack_mnt_opts *opts = smack_mnt_opts(mnt_opts); bool transmute = false; if (sp->smk_flags & SMK_SB_INITIALIZED) 
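Review bot: the smack_sb_eat_lsm_opts hunk drops `*mnt_opts = NULL;` after smack_free_mnt_opts(*mnt_opts), but smack_free_mnt_opts (in the first hunk of this file) now only kfree()s fsdefault/fsfloor/fshat/fsroot/fstransmute without clearing them or freeing the blob. The caller keeps a pointer to a blob whose Smack strings are already freed, so a later security_free_mnt_opts() on it frees those strings again, and without that call the blob itself leaks. Route this error path through security_free_mnt_opts(mnt_opts), or NULL each pointer after kfree() in smack_free_mnt_opts.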
@@ -4561,6 +4567,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { #ifdef CONFIG_KEYS .lbs_key = sizeof(struct smack_known *), #endif /* CONFIG_KEYS */ + .lbs_mnt_opts = sizeof(struct smack_mnt_opts), .lbs_msg_msg = sizeof(struct smack_known *), .lbs_sock = sizeof(struct socket_smack), .lbs_superblock = sizeof(struct superblock_smack), From patchwork Wed Aug 7 22:42:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11082853 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9139514DB for ; Wed, 7 Aug 2019 22:43:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 84D5B28A16 for ; Wed, 7 Aug 2019 22:43:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 797EC28ABC; Wed, 7 Aug 2019 22:43:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2322A28A16 for ; Wed, 7 Aug 2019 22:43:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389610AbfHGWnJ (ORCPT ); Wed, 7 Aug 2019 18:43:09 -0400 Received: from sonic310-23.consmr.mail.bf2.yahoo.com ([74.6.135.197]:43853 "EHLO sonic310-23.consmr.mail.bf2.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388945AbfHGWnJ (ORCPT ); Wed, 7 Aug 2019 18:43:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1565217787; bh=oBuorhWhLY+mZRjcw9jSzrMoHev7NoX57JzR1/BKE8Q=; 
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 09/16] LSM: Fix for security_init_inode_security
Date: Wed, 7 Aug 2019 15:42:38 -0700
Message-Id: <20190807224245.10798-11-casey@schaufler-ca.com>
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>

The code assumes you can call evm_init_inode_security more than once for an inode, but that won't work because security.evm is a single value attribute. This does not make EVM work properly, but does allow the security modules to initialize their attributes.

Signed-off-by: Casey Schaufler
---
 security/security.c | 35 +++++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 10 deletions(-)

diff --git a/security/security.c b/security/security.c
index 6dbc7ed2a00d..325e745ac8f5 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1158,11 +1158,24 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, if (unlikely(IS_PRIVATE(inode))) return 0; - if (!initxattrs) - return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, - dir, qstr, NULL, NULL, NULL); + if (!initxattrs) { + rc = -EOPNOTSUPP; + hlist_for_each_entry(p, + &security_hook_heads.inode_init_security, + list) { + rc = p->hook.inode_init_security(inode, dir, qstr, + NULL, NULL, NULL); + if (rc == -EOPNOTSUPP) { + rc = 0; + continue; + } + if (rc) + break; + } + return rc; + } - repo = kzalloc((LSM_COUNT * 2) * sizeof(*repo), GFP_NOFS); + repo = kzalloc((LSM_COUNT + 1) * sizeof(*repo), GFP_NOFS); if (repo == NULL) return -ENOMEM; 
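Review bot: the new `if (!initxattrs)` loop returns rc unmapped, so the no-support case is reported two different ways inside one function: with no module registering inode_init_security the caller gets -EOPNOTSUPP (the initial value), with one module answering -EOPNOTSUPP it gets 0, and the tail of the same function maps -EOPNOTSUPP to 0 with `return (rc == -EOPNOTSUPP) ? 0 : rc;`. Either start rc at 0 here or apply the same mapping to this early return so callers see one convention.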
@@ -1173,18 +1186,20 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, rc = p->hook.inode_init_security(inode, dir, qstr, &repo[i].name, &repo[i].value, &repo[i].value_len); + if (rc == -EOPNOTSUPP) + continue; if (rc) goto out; - rc = evm_inode_init_security(inode, &repo[i], &repo[i + 1]); - if (rc) - goto out; - - i += 2; + i++; } + rc = evm_inode_init_security(inode, &repo[i], &repo[i + 1]); + if (rc) + goto out; + rc = initxattrs(inode, repo, fs_data); out: - for (i-- ; i >= 0; i--) + for (i++ ; i >= 0; i--) kfree(repo[i].value); kfree(repo); return (rc == -EOPNOTSUPP) ? 0 : rc; From patchwork Wed Aug 7 22:42:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11082857 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 847D21399 for ; Wed, 7 Aug 2019 22:43:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 76AE928A16 for ; Wed, 7 Aug 2019 22:43:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6A7FE28ABA; Wed, 7 Aug 2019 22:43:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C461D28A16 for ; Wed, 7 Aug 2019 22:43:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389519AbfHGWnK (ORCPT ); Wed, 7 Aug 2019 18:43:10 -0400 Received: from sonic310-23.consmr.mail.bf2.yahoo.com ([74.6.135.197]:38982 "EHLO sonic310-23.consmr.mail.bf2.yahoo.com" 
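Review bot: the evm_inode_init_security() call moved after the loop uses the wrong indices. The loop does `i++` after each filled entry, so on exit repo[i] is the first empty entry; the call hands EVM an entry with a NULL name as lsm_xattr and writes the EVM xattr into repo[i + 1], leaving a NULL-named hole at repo[i] in the array passed to initxattrs. Filesystem initxattrs callbacks stop at the first NULL name, so the EVM xattr at i + 1 is never written. When every module fills a slot (i == LSM_COUNT) the write at i + 1 and the new cleanup loop `for (i++ ; i >= 0; i--)` also step past the LSM_COUNT + 1 entries allocated in the previous hunk. Pass `&repo[i - 1], &repo[i]` (guarded by i > 0), advance i when EVM produced a value, and allocate LSM_COUNT + 2 entries so a terminator always follows the EVM entry.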
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 10/16] LSM: Change error detection for UDP peer security
Date: Wed, 7 Aug 2019 15:42:39 -0700
Message-Id: <20190807224245.10798-12-casey@schaufler-ca.com>
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>

security_socket_getpeercred_dgram() supplies secids for use by security_secid_to_secctx(). Sometimes a secid will be invalid. Move the check for an invalid secid from the LSM specific socket_getpeercred_dgram hooks into the secid_to_secctx hooks. This allows for the case where one LSM (Smack) will provide a secid and another (SELinux) to have an error for the same call. Regardless of which LSM the caller wants to see the peer security attributes for, the correct result will be provided.

As there is no longer any reason for security_secid_to_secctx() to return a value make all the secid_to_secctx functions void instead of int.

Add checking for an invalid secid to the Smack and SELinux secid_to_secctx hooks.
Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 3 +-- include/linux/security.h | 11 +++++------ net/ipv4/ip_sockglue.c | 4 +--- security/security.c | 12 ++++-------- security/selinux/hooks.c | 10 ++++++---- security/smack/smack_lsm.c | 15 +++++++++------ 6 files changed, 26 insertions(+), 29 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index a54a2f4788af..67797c67093b 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -881,7 +881,6 @@ * @sock contains the peer socket. May be NULL. * @skb is the sk_buff for the packet being queried. May be NULL. * @secid pointer to store the secid of the packet. - * Return 0 on success, error on failure. * @sk_alloc_security: * Allocate and attach a security structure to the sk->sk_security field, * which is used to copy security attributes between local stream sockets. @@ -1699,7 +1698,7 @@ union security_list_options { int (*socket_sock_rcv_skb)(struct sock *sk, struct sk_buff *skb); int (*socket_getpeersec_stream)(struct socket *sock, char **optval, int *optlen, unsigned len); - int (*socket_getpeersec_dgram)(struct socket *sock, + void (*socket_getpeersec_dgram)(struct socket *sock, struct sk_buff *skb, u32 *secid); int (*sk_alloc_security)(struct sock *sk, int family, gfp_t priority); void (*sk_free_security)(struct sock *sk); diff --git a/include/linux/security.h b/include/linux/security.h index 2f442746dede..0e699d4ed13a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
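Review bot: the lsm_hooks.h doc hunk only deletes the "Return 0 on success" line. Since the hook is now void and the secid_to_secctx hunks later in this patch rely on an invalid secid (SECSID_NULL for SELinux, 0 for Smack) to detect a missing peer label, the @secid description should say that the hook must store that invalid value when it cannot determine the peer's secid; otherwise a future hook that leaves *secid untouched on failure will pass a stale value through.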
@@ -1329,8 +1329,8 @@ int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb); int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, int __user *optlen, unsigned len, int display); -int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, - struct lsmblob *blob); +void security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, + struct lsmblob *blob); int security_sk_alloc(struct sock *sk, int family, gfp_t priority); void security_sk_free(struct sock *sk); void security_sk_clone(const struct sock *sk, struct sock *newsk); @@ -1470,11 +1470,10 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, return -ENOPROTOOPT; } -static inline int security_socket_getpeersec_dgram(struct socket *sock, - struct sk_buff *skb, - struct lsmblob *blob) +static inline void security_socket_getpeersec_dgram(struct socket *sock, + struct sk_buff *skb, + struct lsmblob *blob) { - return -ENOPROTOOPT; } static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 447fe60af0cd..c28cbb15cee2 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -134,9 +134,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) struct lsmblob lb; int err; - err = security_socket_getpeersec_dgram(NULL, skb, &lb); - if (err) - return; + security_socket_getpeersec_dgram(NULL, skb, &lb); err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (err) diff --git a/security/security.c b/security/security.c index 325e745ac8f5..e726fc7c6712 100644 --- a/security/security.c +++ b/security/security.c 
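Review bot: in the ip_cmsg_recv_security hunk, `struct lsmblob lb` is an uninitialized stack variable and the removed `if (err) return;` was the only thing stopping security_secid_to_secctx() from reading it when nothing filled it. After this change security_socket_getpeersec_dgram() (see the security.c hunk) writes only the slots of modules that register the hook, and the !CONFIG_SECURITY stub in the security.h hunk writes nothing, so a slot belonging to a module without the hook is read uninitialized. Zero lb (memset, or the series' lsmblob initializer) before the call.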
@@ -2612,22 +2612,18 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, return rc; } -int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, - struct lsmblob *blob) +void security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, + struct lsmblob *blob) { struct security_hook_list *hp; - int rc = -ENOPROTOOPT; hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.socket_getpeersec_dgram(sock, skb, - &blob->secid[hp->lsmid->slot]); - if (rc != 0) - break; + hp->hook.socket_getpeersec_dgram(sock, skb, + &blob->secid[hp->lsmid->slot]); } - return rc; } EXPORT_SYMBOL(security_socket_getpeersec_dgram); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 65bd62dca9e9..91ef2ae77abb 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4954,7 +4954,8 @@ static int selinux_socket_getpeersec_stream(struct socket *sock, char **optval, return err; } -static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) +static void selinux_socket_getpeersec_dgram(struct socket *sock, + struct sk_buff *skb, u32 *secid) { u32 peer_secid = SECSID_NULL; u16 family; @@ -4977,9 +4978,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * out: *secid = peer_secid; - if (peer_secid == SECSID_NULL) - return -EINVAL; - return 0; + return; } static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) @@ -6321,6 +6320,9 @@ static int selinux_ismaclabel(const char *name) static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) { + if (secid == SECSID_NULL) + return -EINVAL; + return security_sid_to_context(&selinux_state, secid, secdata, seclen); } diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a9fb5f53a248..2d88983868e8 100644 
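Review bot: the security_socket_getpeersec_dgram() hunk changes the loop from "stop at the first module that answers" to "ask every module", which is the intended stacking semantic but is not visible from the code; add a one-line comment saying that each module fills only its own blob slot and that slots of modules without the hook are left untouched, so callers must initialize the blob. In the selinux_socket_getpeersec_dgram hunk the bare `return;` left after the `out:` label is redundant at the end of a void function and checkpatch will flag it; the matching smack_socket_getpeersec_dgram hunk has the same trailing `return;`.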
--- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3970,8 +3970,8 @@ static int smack_socket_getpeersec_stream(struct socket *sock, char **optval, * * Sets the netlabel socket state on sk from parent */ -static int smack_socket_getpeersec_dgram(struct socket *sock, - struct sk_buff *skb, u32 *secid) +static void smack_socket_getpeersec_dgram(struct socket *sock, + struct sk_buff *skb, u32 *secid) { struct netlbl_lsm_secattr secattr; @@ -4025,9 +4025,7 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, break; } *secid = s; - if (s == 0) - return -EINVAL; - return 0; + return; } /** 
@@ -4426,7 +4424,12 @@ static int smack_ismaclabel(const char *name) */ static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) { - struct smack_known *skp = smack_from_secid(secid); + struct smack_known *skp; + + if (secid == 0) + return -EINVAL; + + skp = smack_from_secid(secid); if (secdata) *secdata = skp->smk_known; From patchwork Wed Aug 7 22:42:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11082859 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 97AAD1399 for ; Wed, 7 Aug 2019 22:43:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B54D28A16 for ; Wed, 7 Aug 2019 22:43:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7FF6E28ABA; Wed, 7 Aug 2019 22:43:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 22A2F28A16 for ; Wed, 7 Aug 2019 22:43:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389612AbfHGWnL (ORCPT ); Wed, 7 Aug 2019 18:43:11 -0400 Received: from sonic309-22.consmr.mail.bf2.yahoo.com ([74.6.129.196]:32904 "EHLO sonic309-22.consmr.mail.bf2.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389607AbfHGWnL (ORCPT ); Wed, 7 Aug 2019 18:43:11 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1565217789; bh=cZckcKroyE9hVppfJuatCczXzPUypk7t5AekfRZYxm4=; 
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 11/16] Netlabel: Add a secattr comparison API function
Date: Wed, 7 Aug 2019 15:42:40 -0700
Message-Id: <20190807224245.10798-13-casey@schaufler-ca.com>
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>

Add a new API function netlbl_secattr_equal() that determines if two secattr structures would result in the same on-wire representation.

Signed-off-by: Casey Schaufler
---
 include/net/netlabel.h       |  8 ++++++
 net/netlabel/netlabel_kapi.c | 50 ++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)

diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 6c550455e69f..fc4fca7d65d3 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -472,6 +472,8 @@ int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap, u32 offset, unsigned long bitmap, gfp_t flags); +bool netlbl_secattr_equal(const struct netlbl_lsm_secattr *secattr_a, + const struct netlbl_lsm_secattr *secattr_b); /* Bitmap functions */ @@ -623,6 +625,12 @@ static inline int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap, { return 0; } +static inline bool netlbl_secattr_equal( + const struct netlbl_lsm_secattr *secattr_a, + const struct netlbl_lsm_secattr *secattr_b) +{ + return true; +} static inline int netlbl_enabled(void) { return 0; diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 724d44943543..a0996bdc8595 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c 
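Review bot: the !CONFIG_NETLABEL stub for netlbl_secattr_equal() returns true unconditionally, which is the opposite of what a reader expects from an equality function that compares nothing. A one-line comment that with NetLabel disabled no on-wire label exists, so any two secattrs trivially agree, would keep the stub from being "fixed" to false later and breaking the module-agreement check this series builds on it.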
@@ -1462,6 +1462,56 @@ int netlbl_cache_add(const struct sk_buff *skb, u16 family, return -ENOMSG; } +/** + * netlbl_secattr_equal - Compare two lsm secattrs + * @secattr_a: one security attribute + * @secattr_b: the other security attribute + * + * Description: + * Compare two lsm security attribute structures. + * Don't compare security blobs, as those are distinct. + * Returns true if they are the same, false otherwise. + * + */ +bool netlbl_secattr_equal(const struct netlbl_lsm_secattr *secattr_a, + const struct netlbl_lsm_secattr *secattr_b) +{ + struct netlbl_lsm_catmap *iter_a; + struct netlbl_lsm_catmap *iter_b; + + if (secattr_a == secattr_b) + return true; + if (!secattr_a || !secattr_b) + return false; + + if ((secattr_a->flags & NETLBL_SECATTR_MLS_LVL) != + (secattr_b->flags & NETLBL_SECATTR_MLS_LVL)) + return false; + + if ((secattr_a->flags & NETLBL_SECATTR_MLS_LVL) && + secattr_a->attr.mls.lvl != secattr_b->attr.mls.lvl) + return false; + + if ((secattr_a->flags & NETLBL_SECATTR_MLS_CAT) != + (secattr_b->flags & NETLBL_SECATTR_MLS_CAT)) + return false; + + iter_a = secattr_a->attr.mls.cat; + iter_b = secattr_b->attr.mls.cat; + + while (iter_a && iter_b) { + if (iter_a->startbit != iter_b->startbit) + return false; + if (memcmp(iter_a->bitmap, iter_b->bitmap, + sizeof(iter_a->bitmap))) + return false; + iter_a = iter_a->next; + iter_b = iter_b->next; + } + + return !iter_a && !iter_b; +} + /* * Protocol Engine Functions */ From patchwork Wed Aug 7 22:42:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11082875 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D14A51850 for ; Wed, 7 Aug 2019 22:43:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with 
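Review bot: in the netlbl_secattr_equal() hunk the walk over attr.mls.cat runs whenever the two NETLBL_SECATTR_MLS_CAT flags merely match, including when both are clear and the cat pointers carry no meaning; guard the walk with `if (secattr_a->flags & NETLBL_SECATTR_MLS_CAT)` after the flag comparison, mirroring how the level is only compared under NETLBL_SECATTR_MLS_LVL. Two further points: the comparison is structural (node by node, memcmp on each bitmap), so two catmaps encoding the same category set across differently split nodes compare unequal, which the kerneldoc's "same on-wire representation" wording should acknowledge; and NETLBL_SECATTR_DOMAIN is not compared at all, although the domain selects the mapping used to build the wire label, so say whether that omission is intended.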
B0dOQppnSiA2W2F06NLzJME_D13u3lxspKl3eqW7L0.U_VmYWJBCWzejBtWptUusIE7ZV86Aj965 gqeiO1Ny4aGFSivNxpeICXVmCZkbX30ZlP2HA57rVIf5mSTZ8nG5uRw96VbrWROT4ZhLyz_5wW_U 7Gcpr0SRH2dmNGy2i_dw58iWHn9MQuHgEazb6UVCipBo_H7xzBOON33M6k9qrrUbM2_L.DkTzMbV KJGyVJIbA2QXmB7VeDAXzS8SGn1AZhtmE1IP_srjPpayR5_Iwb033a2DXV.zq1jUPiHfKxfUdHHu YOBcsK1.7w_A76X29AkFPuCHjOq_PIOI9QW5KHM3rUQQN1Z4vPcO3.CXVaJmDnVnoJCUeE_X61HJ 1POZcP3PbUPtHDYq1i0TBJXqIJ.yxT01wVxp5UgmJUAieZUSMYAvGAg_EcQvjnXXgqFLXmGI_kZ3 9aRxWklwMq.0NOw9b1QWKigF6IOTI5A_74NFoKTqUZP8t4XM20h_hgSYLwL6Xa04rzFmqfSZKB6O .G5WBfKkWfKBXRKnk0QdUT2lDqo.JzeHWjdNr220KSkbHBsrWYAstRxi9fuBNWgdOyPCh8GIEzag MP7aDz3hNLiB6edhNykzVWWp0DMhr.ROe0SGwOwwwuliHHNH.Gf0QdiFafvMIEJY4i3GzaNBJHkg Yw9tKVVzgF1V5ry0vWniQZFMu8yogdfSq0S0U7PtcMEfw.EwRoLM5FOaIQl.jCSxIsPK28sfI8lu 9lqLo5RuNRf3iFftznhuzcHWPp0jQ4XSWuBHfjiyPCPeGHBQL5AVqK_t.hcsQ0JaFOPP9la4GUra JbMjTe_LDhCcqNk6od.b02wNWS53lYI5duBHDe3Ktft_RexB3fabEBFVOwtkuC.Rh Received: from sonic.gate.mail.ne1.yahoo.com by sonic309.consmr.mail.bf2.yahoo.com with HTTP; Wed, 7 Aug 2019 22:43:14 +0000 Received: by smtp401.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 90d0e6b59b40235a6b1cae6254f016be; Wed, 07 Aug 2019 22:43:10 +0000 (UTC) 
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov Subject: [PATCH v7 12/16] Netlabel: Provide labeling type to security modules Date: Wed, 7 Aug 2019 15:42:41 -0700 Message-Id: <20190807224245.10798-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com> References: <20190807224245.10798-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Return the labeling type when setting network security attributes. This allows for later comparison of the complete label information to determine if the security modules agree on how a packet should be labeled. Signed-off-by: Casey Schaufler --- net/netlabel/netlabel_kapi.c | 70 +++++++++++++++++++++--------------- security/selinux/netlabel.c | 23 +++++++----- security/smack/smack_lsm.c | 8 +++-- 3 files changed, 61 insertions(+), 40 deletions(-) diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index a0996bdc8595..496d6a38b2aa 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c 
@@ -975,15 +975,14 @@ int netlbl_enabled(void) * Attach the correct label to the given socket using the security attributes * specified in @secattr. This function requires exclusive access to @sk, * which means it either needs to be in the process of being created or locked. - * Returns zero on success, -EDESTADDRREQ if the domain is configured to use - * network address selectors (can't blindly label the socket), and negative - * values on all other failures. + * Returns the labeling type of the domain, or negative values on failures. * */ int netlbl_sock_setattr(struct sock *sk, u16 family, const struct netlbl_lsm_secattr *secattr) { + int rc; int ret_val; struct netlbl_dom_map *dom_entry; @@ -995,17 +994,17 @@ int netlbl_sock_setattr(struct sock *sk, } switch (family) { case AF_INET: + ret_val = dom_entry->def.type; switch (dom_entry->def.type) { case NETLBL_NLTYPE_ADDRSELECT: - ret_val = -EDESTADDRREQ; break; case NETLBL_NLTYPE_CIPSOV4: - ret_val = cipso_v4_sock_setattr(sk, - dom_entry->def.cipso, - secattr); + rc = cipso_v4_sock_setattr(sk, dom_entry->def.cipso, + secattr); + if (rc < 0) + ret_val = rc; break; case NETLBL_NLTYPE_UNLABELED: - ret_val = 0; break; default: ret_val = -ENOENT; @@ -1013,17 +1012,17 @@ int netlbl_sock_setattr(struct sock *sk, break; #if IS_ENABLED(CONFIG_IPV6) case AF_INET6: + ret_val = dom_entry->def.type; switch (dom_entry->def.type) { case NETLBL_NLTYPE_ADDRSELECT: - ret_val = -EDESTADDRREQ; break; case NETLBL_NLTYPE_CALIPSO: - ret_val = calipso_sock_setattr(sk, - dom_entry->def.calipso, - secattr); + rc = calipso_sock_setattr(sk, dom_entry->def.calipso, + secattr); + if (rc < 0) + ret_val = rc; break; case NETLBL_NLTYPE_UNLABELED: - ret_val = 0; break; default: ret_val = -ENOENT; 
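Review bot: The rewritten kernel-doc for netlbl_sock_setattr() drops the sentence explaining that an address-selector domain cannot label the socket; keep that information, because NETLBL_NLTYPE_ADDRSELECT is now returned as a "success" value that every caller has to recognise as "socket left unlabeled, label each packet instead" (selinux_netlbl_socket_post_create() does, smack_netlabel() does not). Something like "Returns the NLTYPE of the domain on success (NETLBL_NLTYPE_ADDRSELECT means the socket was not labeled and per-packet labeling is required), or a negative value on failure." would make the new contract explicit.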
@@ -1104,14 +1103,16 @@ int netlbl_sock_getattr(struct sock *sk, * Description: * Attach the correct label to the given connected socket using the security * attributes specified in @secattr. The caller is responsible for ensuring - * that @sk is locked. Returns zero on success, negative values on failure. + * that @sk is locked. Returns the NLTYPE on success, negative values on + * failure. * */ int netlbl_conn_setattr(struct sock *sk, struct sockaddr *addr, const struct netlbl_lsm_secattr *secattr) { - int ret_val; + int rc; + int ret_val = 0; struct sockaddr_in *addr4; #if IS_ENABLED(CONFIG_IPV6) struct sockaddr_in6 *addr6; @@ -1128,16 +1129,17 @@ int netlbl_conn_setattr(struct sock *sk, ret_val = -ENOENT; goto conn_setattr_return; } + ret_val = entry->type; switch (entry->type) { case NETLBL_NLTYPE_CIPSOV4: - ret_val = cipso_v4_sock_setattr(sk, - entry->cipso, secattr); + rc = cipso_v4_sock_setattr(sk, entry->cipso, secattr); + if (rc < 0) + ret_val = rc; break; case NETLBL_NLTYPE_UNLABELED: /* just delete the protocols we support for right now * but we could remove other protocols if needed */ netlbl_sock_delattr(sk); - ret_val = 0; break; default: ret_val = -ENOENT; @@ -1152,16 +1154,17 @@ int netlbl_conn_setattr(struct sock *sk, ret_val = -ENOENT; goto conn_setattr_return; } + ret_val = entry->type; switch (entry->type) { case NETLBL_NLTYPE_CALIPSO: - ret_val = calipso_sock_setattr(sk, - entry->calipso, secattr); + rc = calipso_sock_setattr(sk, entry->calipso, secattr); + if (rc < 0) + ret_val = rc; break; case NETLBL_NLTYPE_UNLABELED: /* just delete the protocols we support for right now * but we could remove other protocols if needed */ netlbl_sock_delattr(sk); - ret_val = 0; break; default: ret_val = -ENOENT; 
@@ -1184,12 +1187,14 @@ int netlbl_conn_setattr(struct sock *sk, * * Description: * Attach the correct label to the given socket using the security attributes - * specified in @secattr. Returns zero on success, negative values on failure. + * specified in @secattr. Returns the NLTYPE on success, negative values on + * failure. * */ int netlbl_req_setattr(struct request_sock *req, const struct netlbl_lsm_secattr *secattr) { + int rc; int ret_val; struct netlbl_dommap_def *entry; struct inet_request_sock *ireq = inet_rsk(req); @@ -1203,14 +1208,15 @@ int netlbl_req_setattr(struct request_sock *req, ret_val = -ENOENT; goto req_setattr_return; } + ret_val = entry->type; switch (entry->type) { case NETLBL_NLTYPE_CIPSOV4: - ret_val = cipso_v4_req_setattr(req, - entry->cipso, secattr); + rc = cipso_v4_req_setattr(req, entry->cipso, secattr); + if (rc < 0) + ret_val = rc; break; case NETLBL_NLTYPE_UNLABELED: netlbl_req_delattr(req); - ret_val = 0; break; default: ret_val = -ENOENT; @@ -1224,14 +1230,15 @@ int netlbl_req_setattr(struct request_sock *req, ret_val = -ENOENT; goto req_setattr_return; } + ret_val = entry->type; switch (entry->type) { case NETLBL_NLTYPE_CALIPSO: - ret_val = calipso_req_setattr(req, - entry->calipso, secattr); + rc = calipso_req_setattr(req, entry->calipso, secattr); + if (rc < 0) + ret_val = rc; break; case NETLBL_NLTYPE_UNLABELED: netlbl_req_delattr(req); - ret_val = 0; break; default: ret_val = -ENOENT; @@ -1277,7 +1284,8 @@ void netlbl_req_delattr(struct request_sock *req) * * Description: * Attach the correct label to the given packet using the security attributes - * specified in @secattr. Returns zero on success, negative values on failure. + * specified in @secattr. Returns the NLTYPE on success, negative values on + * failure. * */ int netlbl_skbuff_setattr(struct sk_buff *skb, 
@@ -1314,6 +1322,8 @@ int netlbl_skbuff_setattr(struct sk_buff *skb, default: ret_val = -ENOENT; } + if (ret_val == 0) + ret_val = entry->type; break; #if IS_ENABLED(CONFIG_IPV6) case AF_INET6: @@ -1337,6 +1347,8 @@ int netlbl_skbuff_setattr(struct sk_buff *skb, default: ret_val = -ENOENT; } + if (ret_val == 0) + ret_val = entry->type; break; #endif /* IPv6 */ default: diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 120d50c1bcac..8088a787777a 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -266,6 +266,8 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, } rc = netlbl_skbuff_setattr(skb, family, secattr); + if (rc > 0) + rc = 0; skbuff_setsid_return: if (secattr == &secattr_storage) @@ -321,8 +323,10 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep, } rc = netlbl_conn_setattr(ep->base.sk, addr, &secattr); - if (rc == 0) + if (rc >= 0) { sksec->nlbl_state = NLBL_LABELED; + rc = 0; + } assoc_request_return: netlbl_secattr_destroy(&secattr); @@ -354,6 +358,8 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family) if (rc != 0) goto inet_conn_request_return; rc = netlbl_req_setattr(req, &secattr); + if (rc > 0) + rc = 0; inet_conn_request_return: netlbl_secattr_destroy(&secattr); return rc; @@ -418,15 +424,12 @@ int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) if (secattr == NULL) return -ENOMEM; rc = netlbl_sock_setattr(sk, family, secattr); - switch (rc) { - case 0: - sksec->nlbl_state = NLBL_LABELED; - break; - case -EDESTADDRREQ: + if (rc == NETLBL_NLTYPE_ADDRSELECT) sksec->nlbl_state = NLBL_REQSKB; + else if (rc >= 0) + sksec->nlbl_state = NLBL_LABELED; + if (rc > 0) rc = 0; - break; - } return rc; } @@ -579,8 +582,10 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, return rc; } rc = netlbl_conn_setattr(sk, addr, secattr); - if (rc == 0) + if (rc >= 0) { sksec->nlbl_state = NLBL_CONNLABELED; + rc = 0; + } return rc; } 
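Review bot: The two netlbl_skbuff_setattr() hunks use `if (ret_val == 0) ret_val = entry->type;` after the inner switch, while the sock/conn/req variants earlier in this patch assign `ret_val = entry->type;` before the switch and only overwrite it when `rc < 0`; the result is the same, but four functions implementing one contract two different ways invites drift, so pick one pattern (the explicit `rc` form makes it clearer which value is returned) and use it in all four. The SELinux hunks in the same region look right: each `rc >= 0` branch squashes the positive NLTYPE back to 0 before returning, which matters because the LSM hooks calling these helpers are still 0/-errno interfaces.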
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 2d88983868e8..62189558bb6a 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2414,6 +2414,8 @@ static int smack_netlabel(struct sock *sk, int labeled) else { skp = ssp->smk_out; rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); + if (rc > 0) + rc = 0; } bh_unlock_sock(sk); 
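Review bot: `if (rc > 0) rc = 0;` in smack_netlabel() changes Smack's behaviour for domains configured with address selectors: before this patch netlbl_sock_setattr() returned -EDESTADDRREQ there and smack_netlabel() propagated the error, whereas now NETLBL_NLTYPE_ADDRSELECT is turned into success while the socket is left unlabeled and Smack records nothing that would trigger per-packet labeling (SELinux handles the same value by moving to NLBL_REQSKB). Either treat NETLBL_NLTYPE_ADDRSELECT explicitly here, or describe the intended new behaviour in the commit message.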
@@ -4141,9 +4143,11 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, hskp = smack_ipv4host_label(&addr); rcu_read_unlock(); - if (hskp == NULL) + if (hskp == NULL) { rc = netlbl_req_setattr(req, &skp->smk_netlabel); - else + if (rc > 0) + rc = 0; + } else netlbl_req_delattr(req); return rc; From patchwork Wed Aug 7 22:42:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11082867
90d0e6b59b40235a6b1cae6254f016be; Wed, 07 Aug 2019 22:43:12 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov Subject: [PATCH v7 13/16] LSM: Remember the NLTYPE of netlabel sockets Date: Wed, 7 Aug 2019 15:42:42 -0700 Message-Id: <20190807224245.10798-15-casey@schaufler-ca.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com> References: <20190807224245.10798-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Add the NLTYPE returned when setting labels on sockets to the information retained by SELinux and Smack. Signed-off-by: Casey Schaufler --- security/selinux/include/objsec.h | 1 + security/selinux/netlabel.c | 20 ++++++++++++++------ security/smack/smack.h | 1 + security/smack/smack_lsm.c | 17 ++++++++++++----- 4 files changed, 28 insertions(+), 11 deletions(-) diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 3b78aa4ee98f..5ab0d0d212bd 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -124,6 +124,7 @@ struct sk_security_struct { NLBL_REQSKB, NLBL_CONNLABELED, } nlbl_state; + int nlbl_set; /* Raw NLTYPE */ struct netlbl_lsm_secattr *nlbl_secattr; /* NetLabel sec attributes */ #endif u32 sid; /* SID of this object */ diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 8088a787777a..56e780340114 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c 
@@ -185,6 +185,7 @@ void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec) void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec) { sksec->nlbl_state = NLBL_UNSET; + sksec->nlbl_set = NETLBL_NLTYPE_NONE; } /** @@ -244,14 +245,14 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, int rc; struct netlbl_lsm_secattr secattr_storage; struct netlbl_lsm_secattr *secattr = NULL; + struct sk_security_struct *sksec; struct sock *sk; /* if this is a locally generated packet check to see if it is already * being labeled by it's parent socket, if it is just exit */ sk = skb_to_full_sk(skb); if (sk != NULL) { - struct sk_security_struct *sksec = selinux_sock(sk); - + sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB) return 0; secattr = selinux_netlbl_sock_getattr(sk, sid); @@ -266,8 +267,11 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, } rc = netlbl_skbuff_setattr(skb, family, secattr); - if (rc > 0) + if (rc >= 0) { + if (sk != NULL) + sksec->nlbl_set = rc; rc = 0; + } skbuff_setsid_return: if (secattr == &secattr_storage) @@ -325,6 +329,7 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep, rc = netlbl_conn_setattr(ep->base.sk, addr, &secattr); if (rc >= 0) { sksec->nlbl_state = NLBL_LABELED; + sksec->nlbl_set = rc; rc = 0; } @@ -428,8 +433,10 @@ int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) sksec->nlbl_state = NLBL_REQSKB; else if (rc >= 0) sksec->nlbl_state = NLBL_LABELED; - if (rc > 0) + if (rc >= 0) { + sksec->nlbl_set = rc; rc = 0; + } return rc; } @@ -573,8 +580,8 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, if (addr->sa_family == AF_UNSPEC) { netlbl_sock_delattr(sk); sksec->nlbl_state = NLBL_REQSKB; - rc = 0; - return rc; + sksec->nlbl_set = NETLBL_NLTYPE_ADDRSELECT; + return 0; } secattr = selinux_netlbl_sock_genattr(sk); if (secattr == NULL) { 
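Review bot: In selinux_netlbl_skbuff_setsid() `sksec` is now declared at function scope but only assigned inside `if (sk != NULL)` and later written through under a second `if (sk != NULL)`; that is correct, but the compiler cannot relate the two tests and this shape tends to trip -Wmaybe-uninitialized, so initialise it (`struct sk_security_struct *sksec = NULL;`) to keep the build warning-free. A short comment would also help here, since this path stores a per-packet NLTYPE into the blob of a socket in NLBL_REQSKB state, whereas nlbl_set is otherwise only written on the socket-labeling paths.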
@@ -584,6 +591,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, rc = netlbl_conn_setattr(sk, addr, secattr); if (rc >= 0) { sksec->nlbl_state = NLBL_CONNLABELED; + sksec->nlbl_set = rc; rc = 0; } diff --git a/security/smack/smack.h b/security/smack/smack.h index f28db5a42b7b..b531f7ea21a7 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -104,6 +104,7 @@ struct socket_smack { struct smack_known *smk_out; /* outbound label */ struct smack_known *smk_in; /* inbound label */ struct smack_known *smk_packet; /* TCP peer label */ + int smk_set; /* Netlabel NLTYPE */ }; /* diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 62189558bb6a..87c81cbc8c67 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2409,13 +2409,16 @@ static int smack_netlabel(struct sock *sk, int labeled) bh_lock_sock_nested(sk); if (ssp->smk_out == smack_net_ambient || - labeled == SMACK_UNLABELED_SOCKET) + labeled == SMACK_UNLABELED_SOCKET) { netlbl_sock_delattr(sk); - else { + ssp->smk_set = NETLBL_NLTYPE_UNLABELED; + } else { skp = ssp->smk_out; rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel); - if (rc > 0) + if (rc >= 0) { rc = 0; + ssp->smk_set = rc; + } } bh_unlock_sock(sk); 
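Review bot: The smack_netlabel() hunk stores the NLTYPE after clearing it: `rc = 0;` runs before `ssp->smk_set = rc;`, so smk_set is always NETLBL_NLTYPE_NONE on the labeled path, and security_reconcile_netlbl() (patch 14) will then skip Smack's secattr entirely because it treats a zero set value as "nothing to compare". Swap the two statements, as the smack_inet_conn_request() hunk in this same patch already does (`ssp->smk_set = rc; rc = 0;`).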
@@ -4145,10 +4148,14 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, if (hskp == NULL) { rc = netlbl_req_setattr(req, &skp->smk_netlabel); - if (rc > 0) + if (rc >= 0) { + ssp->smk_set = rc; rc = 0; - } else + } + } else { netlbl_req_delattr(req); + rc = NETLBL_NLTYPE_UNLABELED; + } return rc; } From patchwork Wed Aug 7 22:42:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11082891
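Review bot: In the smack_inet_conn_request() hunk, `rc = NETLBL_NLTYPE_UNLABELED;` in the else branch becomes the return value of the inet_conn_request hook, and the networking code treats any non-zero result from security_inet_conn_request() as a failure, so every incoming connection for which smack_ipv4host_label() finds a host entry (hskp != NULL) would now be dropped. The intent is presumably `ssp->smk_set = NETLBL_NLTYPE_UNLABELED;` with rc left at 0, mirroring the netlbl_sock_delattr() branch of smack_netlabel() in this patch. Separately, ssp here is the listening socket's blob, so recording the per-request NLTYPE in it overwrites the listener's own value on every request; a comment on why that is acceptable (or a per-request home for the value) would help.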
with ESMTPA ID b31e22a1723893410aaa66faa171513d; Wed, 07 Aug 2019 22:43:16 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov Subject: [PATCH v7 14/16] LSM: Hook for netlabel reconciliation Date: Wed, 7 Aug 2019 15:42:43 -0700 Message-Id: <20190807224245.10798-16-casey@schaufler-ca.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com> References: <20190807224245.10798-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Add an LSM function security_reconcile_netlbl() which uses the new LSM hook socket_netlbl_secattr() to decide if the active security modules are in agreement regarding the labeling of a network packet. Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 15 +++++++++ include/linux/security.h | 9 ++++++ security/security.c | 50 +++++++++++++++++++++++++++++ security/selinux/hooks.c | 3 ++ security/selinux/include/netlabel.h | 7 ++++ security/selinux/netlabel.c | 9 ++++++ security/smack/smack_lsm.c | 9 ++++++ 7 files changed, 102 insertions(+) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 67797c67093b..4bf88fa5b55d 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -29,6 +29,9 @@ #include #include +#ifdef CONFIG_NETLABEL +struct netlbl_lsm_secattr; +#endif /** * union security_list_options - Linux Security Module hook function list * 
@@ -1432,6 +1435,10 @@ * @bpf_prog_free_security: * Clean up the security information stored inside bpf prog. * + * Security hooks for network labeling (Netlabel) operations. + * + * @socket_netlbl_secattr: + * Report the netlabel attributes this module wants for this socket. */ union security_list_options { int (*binder_set_context_mgr)(struct task_struct *mgr); @@ -1788,6 +1795,11 @@ union security_list_options { int (*bpf_prog_alloc_security)(struct bpf_prog_aux *aux); void (*bpf_prog_free_security)(struct bpf_prog_aux *aux); #endif /* CONFIG_BPF_SYSCALL */ +#ifdef CONFIG_NETLABEL + void (*socket_netlbl_secattr)(struct sock *sk, + struct netlbl_lsm_secattr **secattr, + int *set); +#endif }; struct security_hook_heads { @@ -2025,6 +2037,9 @@ struct security_hook_heads { struct hlist_head bpf_prog_alloc_security; struct hlist_head bpf_prog_free_security; #endif /* CONFIG_BPF_SYSCALL */ +#ifdef CONFIG_NETLABEL + struct hlist_head socket_netlbl_secattr; +#endif } __randomize_layout; /* diff --git a/include/linux/security.h b/include/linux/security.h index 0e699d4ed13a..c234d881c206 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1934,5 +1934,14 @@ static inline void security_bpf_prog_free(struct bpf_prog_aux *aux) #endif /* CONFIG_SECURITY */ #endif /* CONFIG_BPF_SYSCALL */ +#ifdef CONFIG_NETLABEL +extern int security_reconcile_netlbl(struct sock *sk); +#else +static inline int security_reconcile_netlbl(struct sock *sk) +{ + return 0; +} +#endif + #endif /* ! __LINUX_SECURITY_H */ diff --git a/security/security.c b/security/security.c index e726fc7c6712..bfe40c11f5bf 100644 --- a/security/security.c +++ b/security/security.c @@ -34,6 +34,9 @@ #include #include #include +#ifdef CONFIG_NETLABEL +#include +#endif #define MAX_LSM_EVM_XATTR 2 
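Review bot: The new `@socket_netlbl_secattr` entry in the lsm_hooks.h documentation block should spell out the out-parameter contract: `secattr` receives a pointer owned by the module's socket blob (or NULL), `set` receives the NLTYPE recorded when the socket was labeled with NETLBL_NLTYPE_NONE meaning "not labeled", and the returned pointer may only be dereferenced while the caller holds whatever keeps the socket alive, since security_reconcile_netlbl() compares the pointers after the hook has returned. In security.h the `extern` on the security_reconcile_netlbl() prototype is unnecessary (checkpatch flags extern prototypes in headers); the other declarations in that file omit it.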
@@ -3003,3 +3006,50 @@ void security_bpf_prog_free(struct bpf_prog_aux *aux) call_void_hook(bpf_prog_free_security, aux); } #endif /* CONFIG_BPF_SYSCALL */ + +#ifdef CONFIG_NETLABEL +int security_reconcile_netlbl(struct sock *sk) +{ + struct netlbl_lsm_secattr *prev = NULL; + struct netlbl_lsm_secattr *this = NULL; + int prev_set = 0; + int this_set = 0; + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.socket_netlbl_secattr, + list) { + hp->hook.socket_netlbl_secattr(sk, &this, &this_set); + if (this_set == 0 || this == NULL) + continue; + if (prev != NULL) { + /* + * Both unlabeled is easily acceptable. + */ + if (prev_set == NETLBL_NLTYPE_UNLABELED && + this_set == NETLBL_NLTYPE_UNLABELED) + continue; + /* + * The nltype being different means that + * the secattrs aren't comparible. Except + * that ADDRSELECT means that couldn't know + * when the socket was created. + */ + if (prev_set != this_set && + prev_set != NETLBL_NLTYPE_ADDRSELECT && + this_set != NETLBL_NLTYPE_ADDRSELECT) + return -EACCES; + /* + * Count on the Netlabel system's judgement. + */ + if (!netlbl_secattr_equal(prev, this)) + return -EACCES; + } + prev = this; + prev_set = this_set; + } + /* + * No conflicts have been found. + */ + return 0; +} +#endif /* CONFIG_NETLABEL */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 91ef2ae77abb..48468a4b478c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6887,6 +6887,9 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(bpf_map_free_security, selinux_bpf_map_free), LSM_HOOK_INIT(bpf_prog_free_security, selinux_bpf_prog_free), #endif +#ifdef CONFIG_NETLABEL + LSM_HOOK_INIT(socket_netlbl_secattr, selinux_socket_netlbl_secattr), +#endif }; static __init int selinux_init(void) diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h index 8671de09c363..b316c62e7bcc 100644 
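Review bot: In security_reconcile_netlbl() the "not labeled" test `this_set == 0` relies on NETLBL_NLTYPE_NONE being 0; compare against NETLBL_NLTYPE_NONE by name so the intent is visible. `this` and `this_set` are also carried across iterations of hlist_for_each_entry(), so a hook implementation that returned without writing its out-parameters would be compared using the previous module's values; reset both to NULL and NETLBL_NLTYPE_NONE before each call. Two typos in the comments: "comparible" should be "comparable" and "that couldn't know" should be "that it couldn't know". Finally, a disagreement surfaces to userspace as a bare -EACCES from sendmsg() or connect() with nothing in the logs; a ratelimited pr_debug() or an audit record naming the two NLTYPEs would make a mismatched SELinux/Smack NetLabel configuration diagnosable.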
--- a/security/selinux/include/netlabel.h +++ b/security/selinux/include/netlabel.h @@ -69,6 +69,9 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock, int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr); int selinux_netlbl_socket_connect_locked(struct sock *sk, struct sockaddr *addr); +void selinux_socket_netlbl_secattr(struct sock *sk, + struct netlbl_lsm_secattr **secattr, + int *set); #else static inline void selinux_netlbl_cache_invalidate(void) @@ -165,6 +168,10 @@ static inline int selinux_netlbl_socket_connect_locked(struct sock *sk, { return 0; } +static inline void selinux_socket_netlbl_secattr(struct sock *sk, + struct netlbl_lsm_secattr **secattr) +{ +} #endif /* CONFIG_NETLABEL */ #endif diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 56e780340114..0f50a646c8cd 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -642,3 +642,12 @@ int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr) return rc; } + +void selinux_socket_netlbl_secattr(struct sock *sk, + struct netlbl_lsm_secattr **secattr, + int *set) +{ + struct sk_security_struct *sksec = selinux_sock(sk); + *secattr = sksec->nlbl_secattr; + *set = sksec->nlbl_set; +} diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 87c81cbc8c67..122c13604d28 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4572,6 +4572,14 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, } return 0; } +void smack_socket_netlbl_secattr(struct sock *sk, + struct netlbl_lsm_secattr **secattr, + int *set) +{ + struct socket_smack *ssp = smack_sock(sk); + *secattr = &ssp->smk_out->smk_netlabel; + *set = ssp->smk_set; +} struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct task_smack), 
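Review bot: The `#else` stub for selinux_socket_netlbl_secattr() in security/selinux/include/netlabel.h takes two parameters while the real definition and the hook type take three (`sk, secattr, set`); nothing references the stub today because the LSM_HOOK_INIT() is under CONFIG_NETLABEL, but the mismatch will bite the first caller, so add the `int *set` argument. In smack_lsm.c, smack_socket_netlbl_secattr() has no prototype and is referenced only from smack_hooks[], so it should be `static` (sparse will otherwise ask whether it should be); the neighbouring smack_dentry_create_files_as() shows the convention.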
@@ -4733,6 +4741,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(inode_copy_up, smack_inode_copy_up), LSM_HOOK_INIT(inode_copy_up_xattr, smack_inode_copy_up_xattr), LSM_HOOK_INIT(dentry_create_files_as, smack_dentry_create_files_as), + LSM_HOOK_INIT(socket_netlbl_secattr, smack_socket_netlbl_secattr), }; From patchwork Wed Aug 7 22:42:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11082883
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 15/16] LSM: Avoid network conflicts in SELinux and Smack
Date: Wed, 7 Aug 2019 15:42:44 -0700
Message-Id: <20190807224245.10798-17-casey@schaufler-ca.com>
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>
References: <20190807224245.10798-1-casey@schaufler-ca.com>

Add calls to security_reconcile_netlbl() in SELinux and Smack to ensure that only packets that are acceptable to all active security modules get sent. Verify that all security modules agree on the network labeling for sendmsg and connect.

Signed-off-by: Casey Schaufler
---
 security/security.c | 43 ++++++++++++++++++++++----------
 security/selinux/hooks.c | 3 +++
 security/smack/smack_netfilter.c | 8 ++++--
 3 files changed, 39 insertions(+), 15 deletions(-)

diff --git a/security/security.c b/security/security.c
index bfe40c11f5bf..4897c68cdb71 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2496,7 +2496,13 @@ int security_socket_bind(struct socket *sock, struct sockaddr *address, int addr int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) { - return call_int_hook(socket_connect, 0, sock, address, addrlen); + int rc; + + rc = call_int_hook(socket_connect, 0, sock, address, addrlen); + if (rc) + return rc; + + return security_reconcile_netlbl(sock->sk); } int security_socket_listen(struct socket *sock, int backlog) @@ -2511,6 +2517,12 @@ int security_socket_accept(struct socket *sock, struct socket *newsock) int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) { + int rc; + + rc = security_reconcile_netlbl(sock->sk); + if (rc) + return rc; + return call_int_hook(socket_sendmsg, 0, sock, msg, size); } 
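Review bot: the two hunks put `security_reconcile_netlbl()` on opposite sides of the module hooks: `security_socket_connect()` runs it only after `call_int_hook(socket_connect, ...)` has succeeded, while `security_socket_sendmsg()` runs it before `call_int_hook(socket_sendmsg, ...)`. Pick one order (after the hooks keeps each module's own decision first and avoids walking the `socket_netlbl_secattr` list for a message a module is going to reject anyway) and state it in the commit message. Both call sites also pass `sock->sk` with no NULL check, and `security_reconcile_netlbl()` dereferences `sk->sk_family` immediately, whereas the netfilter callers later in this patch guard with `if (sk && ...)`; either add the same guard here or explain why `sock->sk` cannot be NULL at these two points.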
@@ -3016,28 +3028,33 @@ int security_reconcile_netlbl(struct sock *sk) int this_set = 0; struct security_hook_list *hp; + if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) + return 0; + hlist_for_each_entry(hp, &security_hook_heads.socket_netlbl_secattr, list) { hp->hook.socket_netlbl_secattr(sk, &this, &this_set); + /* + * If the NLTYPE has been deferred it's not + * possible to decide now. A decision will be made + * later. + */ + if (this_set == NETLBL_NLTYPE_ADDRSELECT) + return 0; if (this_set == 0 || this == NULL) continue; if (prev != NULL) { - /* - * Both unlabeled is easily acceptable. - */ - if (prev_set == NETLBL_NLTYPE_UNLABELED && - this_set == NETLBL_NLTYPE_UNLABELED) - continue; /* * The nltype being different means that - * the secattrs aren't comparible. Except - * that ADDRSELECT means that couldn't know - * when the socket was created. + * the secattrs aren't comparible. */ - if (prev_set != this_set && - prev_set != NETLBL_NLTYPE_ADDRSELECT && - this_set != NETLBL_NLTYPE_ADDRSELECT) + if (prev_set != this_set) return -EACCES; + /* + * Both unlabeled is easily acceptable. + */ + if (this_set == NETLBL_NLTYPE_UNLABELED) + continue; /* * Count on the Netlabel system's judgement. */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 48468a4b478c..293350b672a8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5522,6 +5522,9 @@ static unsigned int selinux_ip_output(struct sk_buff *skb, if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0) return NF_DROP; + if (sk && security_reconcile_netlbl(sk)) + return NF_DROP; + return NF_ACCEPT; } diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index 7b9c8d5d8408..92aeffbbb27c 100644 --- a/security/smack/smack_netfilter.c +++ b/security/smack/smack_netfilter.c 
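Review bot: in the `security_reconcile_netlbl()` hunk the new `if (this_set == NETLBL_NLTYPE_ADDRSELECT) return 0;` exits the whole function as soon as any one module reports ADDRSELECT, so a mismatch between two other modules (already visited or not yet visited) is never detected for this socket. If the intent is only to leave the undecided module out of the comparison, `continue` is the matching change; if the intent really is to defer the whole decision, the comment should say where that later decision is taken. The rewritten comment also keeps the typo `comparible` (comparable). Separately, `selinux_ip_output()` in this hunk and `smack_ipv4_output()` in the smack_netfilter.c hunks both add `if (sk && security_reconcile_netlbl(sk)) return NF_DROP;`, so with both modules active the hook list is walked twice per outgoing packet in addition to the sendmsg check; one call from a shared place would avoid the repetition.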
@@ -75,7 +75,7 @@ static unsigned int smack_ipv4_output(void *priv, const struct nf_hook_state *state) { struct sock *sk = skb_to_full_sk(skb); - struct socket_smack *ssp; + struct socket_smack *ssp = NULL; struct smack_known *skp; if (!smack_checked_secmark) { 
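Review bot: the `ssp = NULL` initialisation is only needed because the following hunk splits the old `smack_use_secmark && sk && smack_sock(sk)` test into `if (sk && smack_sock(sk)) ssp = smack_sock(sk);` followed by `if (smack_use_secmark && ssp)`, which evaluates `smack_sock(sk)` twice and then uses `ssp` nowhere but the secmark branch. `struct socket_smack *ssp = sk ? smack_sock(sk) : NULL;` at the declaration, right after `sk` is derived from `skb_to_full_sk(skb)`, would be clearer and make the separate assignment unnecessary.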
@@ -84,11 +84,15 @@ static unsigned int smack_ipv4_output(void *priv, smack_checked_secmark = true; } - if (smack_use_secmark && sk && smack_sock(sk)) { + if (sk && smack_sock(sk)) ssp = smack_sock(sk); + + if (smack_use_secmark && ssp) { skp = ssp->smk_out; skb->secmark = skp->smk_secid; } + if (sk && security_reconcile_netlbl(sk)) + return NF_DROP; return NF_ACCEPT; }

From patchwork Wed Aug 7 22:42:45 2019
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11082877
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: [PATCH v7 16/16] Smack: Remove the exclusive flag
Date: Wed, 7 Aug 2019 15:42:45 -0700
Message-Id: <20190807224245.10798-18-casey@schaufler-ca.com>
In-Reply-To: <20190807224245.10798-1-casey@schaufler-ca.com>
References: <20190807224245.10798-1-casey@schaufler-ca.com>

Smack no longer needs to be treated as an "exclusive" security module. Remove the flag that indicates it is exclusive.

Signed-off-by: Casey Schaufler
---
 security/smack/smack_lsm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 122c13604d28..3b76ec6cf960 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4822,7 +4822,7 @@ static __init int smack_init(void) */ DEFINE_LSM(smack) = { .name = "smack", - .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, + .flags = LSM_FLAG_LEGACY_MAJOR, .blobs = &smack_blob_sizes, .init = smack_init, };
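Review bot: the commit message should say what makes `LSM_FLAG_EXCLUSIVE` removable; nothing in this one-line hunk shows it, and a reader of `git log` has to find the `security_reconcile_netlbl()` work in patch 15/16 to learn that network labeling conflicts with SELinux are now resolved per socket and per packet rather than by refusing to stack Smack at all. A sentence such as "Network labeling conflicts between Smack and SELinux are now reconciled by security_reconcile_netlbl(), so Smack can be stacked with other modules" would carry that dependency into the history.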