From patchwork Tue Nov 19 21:45:56 2019
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11252689
From: Casey Schaufler
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.ibm.com
Subject: [PATCH v11 03/25] LSM: Use lsmblob in security_audit_rule_match
Date: Tue, 19 Nov 2019 13:45:56 -0800
Message-Id: <20191119214601.13238-2-casey@schaufler-ca.com>
In-Reply-To: <20191119214601.13238-1-casey@schaufler-ca.com>
References: <20191119214601.13238-1-casey@schaufler-ca.com>

Change the secid parameter of security_audit_rule_match to a lsmblob structure pointer. Pass the entry from the lsmblob structure for the appropriate slot to the LSM hook. Change the users of security_audit_rule_match to use the lsmblob instead of a u32. In some cases this requires a temporary conversion using lsmblob_init() that will go away when other interfaces get converted.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
---
include/linux/security.h | 7 ++++---
kernel/auditfilter.c | 7 +++++--
kernel/auditsc.c | 14 ++++++++++----
security/integrity/ima/ima.h | 4 ++--
security/integrity/ima/ima_policy.c | 7 +++++--
security/security.c | 18 +++++++++++++++---
6 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 5eced28fa0c9..2df58448f1f2 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1835,7 +1835,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_SECURITY int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void *lsmrule); void security_audit_rule_free(void *lsmrule); #else
@@ -1851,8 +1852,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule) return 0; } -static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) +static inline int security_audit_rule_match(struct lsmblob *blob, u32 field, + u32 op, void *lsmrule) { return 0; } diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index b0126e9c0743..356db1dd276c 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1325,6 +1325,7 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; pid_t pid; u32 sid; + struct lsmblob blob; switch (f->type) { case AUDIT_PID: @@ -1355,8 +1356,10 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_rule) { security_task_getsecid(current, &sid); - result = security_audit_rule_match(sid, - f->type, f->op, f->lsm_rule); + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, + f->op, f->lsm_rule); } break; case AUDIT_EXE: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4effe01ebbe2..7566e5b1c419 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -445,6 +445,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); @@ -643,7 +644,9 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid(tsk, &sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, f->lsm_rule); } 
@@ -658,15 +661,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_rule) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, f->lsm_rule); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, n->osid); if (security_audit_rule_match( - n->osid, + &blob, f->type, f->op, f->lsm_rule)) { @@ -678,7 +683,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, f->lsm_rule)) ++result; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 3689081aaf38..5bcd6011ef8c 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -370,8 +370,8 @@ static inline int security_filter_rule_init(u32 field, u32 op, char *rulestr, return -EINVAL; } -static inline int security_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) +static inline int security_filter_rule_match(struct lsmblob *blob, u32 field, + u32 op, void *lsmrule) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 5380aca2b351..7711cc6a3fe3 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -414,6 +414,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; u32 osid; + struct lsmblob blob; if (!rule->lsm[i].rule) continue; 
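Review bot: in the audit_filter_rules() object hunks (the `name`, `names_list` and `ctx->ipc.osid` cases) `lsmblob_init(&blob, ...)` overwrites the same function-scope `blob` that the AUDIT_SUBJ_* case fills from the task. That is harmless in this patch only because the subject path re-runs `lsmblob_init(&blob, sid)` from the cached `sid` on every field; once the u32 cache is dropped and `blob` itself becomes the thing `need_sid` protects, a rule whose field list has an object field followed by a second subject field would match the subject against an inode or IPC secid. Either give the object cases their own `struct lsmblob`, or add a comment that the subject blob must be rebuilt before each use.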
@@ -423,7 +424,8 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: security_inode_getsecid(inode, &osid); - rc = security_filter_rule_match(osid, + lsmblob_init(&blob, osid); + rc = security_filter_rule_match(&blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); @@ -431,7 +433,8 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = security_filter_rule_match(secid, + lsmblob_init(&blob, secid); + rc = security_filter_rule_match(&blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); diff --git a/security/security.c b/security/security.c index 5f503cadf7f3..7c386cbe4cf3 100644 --- a/security/security.c +++ b/security/security.c @@ -439,7 +439,7 @@ static int lsm_append(const char *new, char **result) /* * Current index to use while initializing the lsmblob secid list. */ -static int lsm_slot __initdata; +static int lsm_slot __lsm_ro_after_init; /** * security_add_hooks - Add a modules hooks to the hook lists. 
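Review bot: the `lsm_slot` change from `__initdata` to `__lsm_ro_after_init` is required, not cosmetic: the new `security_audit_rule_match()` in this same file reads `lsm_slot` at run time in `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)`, and an `__initdata` variable would have been discarded by then. The commit message only talks about the hook signature; one sentence saying why `lsm_slot` has to outlive init (and that it must stay read-only for the bound check to be trustworthy) would save the next reader a trip through the series.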
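Review bot: in the new `security_audit_rule_match()` loop in security/security.c the same opaque `lsmrule` is handed to every registered LSM's `audit_rule_match` hook, with only the secid varying per slot: `rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], field, op, lsmrule);`. That is only safe if exactly one LSM allocated the rule in `security_audit_rule_init()`; a second LSM that also implements audit rules would interpret another module's private structure. Worth stating that invariant in a comment above the loop, or tagging the rule with its owning LSM. Separately, this loop runs on every audit filter evaluation, so `WARN_ON_ONCE` is the better choice for a condition that should be impossible after init; a repeating `WARN_ON` in the filter path is noise rather than signal.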
@@ -2412,9 +2412,21 @@ void security_audit_rule_free(void *lsmrule) call_void_hook(audit_rule_free, lsmrule); } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void *lsmrule) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, lsmrule); + if (rc != 0) + return rc; + } + return 0; } #endif /* CONFIG_AUDIT */
From patchwork Tue Nov 19 21:45:57 2019
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11252691
From: Casey Schaufler
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.ibm.com
Subject: [PATCH v11 09/25] LSM: Use lsmblob in security_task_getsecid
Date: Tue, 19 Nov 2019 13:45:57 -0800
Message-Id: <20191119214601.13238-3-casey@schaufler-ca.com>
In-Reply-To: <20191119214601.13238-1-casey@schaufler-ca.com>
References: <20191119214601.13238-1-casey@schaufler-ca.com>

Change the security_task_getsecid() interface to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
cc: linux-integrity@vger.kernel.org
---
drivers/android/binder.c | 4 +--
include/linux/security.h | 7 ++---
kernel/audit.c | 11 ++++----
kernel/auditfilter.c | 4 +--
kernel/auditsc.c | 18 ++++++++-----
net/netlabel/netlabel_unlabeled.c | 5 +++-
net/netlabel/netlabel_user.h | 6 ++++-
security/integrity/ima/ima_appraise.c | 4 ++-
security/integrity/ima/ima_main.c | 39 ++++++++++++++++-----------
security/security.c | 12 ++++++---
10 files changed, 68 insertions(+), 42 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 5f4702b4c507..3a7fcdc8dbe2 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3108,12 +3108,10 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; - security_task_getsecid(proc->tsk, &secid); - lsmblob_init(&blob, secid); + security_task_getsecid(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index 9519b4fb43ae..67f95a335b5d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -447,7 +447,7 @@ int security_task_fix_setuid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid(struct task_struct *p, u32 *secid); +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1099,9 +1099,10 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 2f8e89eaf3e5..fd29186ae977 100644 --- a/kernel/audit.c +++ b/kernel/audit.c 
@@ -2062,14 +2062,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid(current, &sid); - if (!sid) + security_task_getsecid(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2276,6 +2274,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2286,7 +2285,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &audit_sig_sid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 356db1dd276c..19cfbe716f9d 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1324,7 +1324,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1355,8 +1354,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_rule) { - security_task_getsecid(current, &sid); - lsmblob_init(&blob, sid); + security_task_getsecid(current, &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rule); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index ce8bf2d8f8d2..cccb681ad081 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -444,7 +444,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; 
@@ -641,10 +640,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_rule) { if (need_sid) { - security_task_getsecid(tsk, &sid); + security_task_getsecid(tsk, &blob); need_sid = 0; } - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -2382,12 +2380,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &context->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2403,6 +2404,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2414,7 +2416,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &ctx->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
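Review bot: the `audit_filter_rules()` hunk at @@ -641 makes `blob` the cached subject secid (`security_task_getsecid(tsk, &blob)` under `need_sid`, with the per-field `lsmblob_init(&blob, sid)` removed and `u32 sid` dropped from the declarations), but the same function-scope `blob` is still overwritten by the object cases added earlier in this series: `lsmblob_init(&blob, name->osid)`, `lsmblob_init(&blob, n->osid)` and `lsmblob_init(&blob, ctx->ipc.osid)`. For a rule whose field list has an AUDIT_OBJ_* entry followed by a further AUDIT_SUBJ_* entry, `need_sid` is already 0 on the second subject field and the match runs against an inode or IPC secid instead of the task's. Use a separate `struct lsmblob` for the object matches, or set `need_sid = 1` again after them.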
@@ -2435,7 +2439,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 0cda17cb44a0..e279b81d9545 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1539,11 +1539,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &audit_info.secid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 3c67afce64f1..438b5db6c714 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -34,7 +34,11 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } 
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 136ae4e0ee92..7288a574459b 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -48,11 +48,13 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) { u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); + lsmblob_secid(&blob, &secid); return ima_match_policy(inode, current_cred(), secid, func, mask, IMA_APPRAISE | IMA_HASH, NULL, NULL); } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 60027c643ecd..cac654c2faaf 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -380,12 +380,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -408,10 +409,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; 
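Review bot: the two IMA call sites convert the blob differently: `ima_must_appraise()` in ima_appraise.c uses `lsmblob_secid(&blob, &secid)` while `ima_file_mmap()`, `ima_bprm_check()` and the rest of ima_main.c read `blob.secid[0]` directly behind a `/* scaffolding */` comment. If `lsmblob_secid()` selects a slot other than 0, IMA appraisal and measurement policy will be evaluated against different LSMs' secids; if it is the same thing, one form should be used everywhere so the scaffolding is easy to find and remove later. Also, `ima_bprm_check()` keeps its `u32 secid` declaration; that is fine only if code outside this hunk still uses it.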
@@ -432,10 +435,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -544,7 +548,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; if (!file && read_id == READING_FIRMWARE) { if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && @@ -566,9 +570,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -687,11 +692,13 @@ static void process_buffer_measurement(const void *buf, int size, void ima_kexec_cmdline(const void *buf, int size) { u32 secid; + struct lsmblob blob; if (buf && size != 0) { - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); + /* scaffolding */ process_buffer_measurement(buf, size, "kexec-cmdline", - current_cred(), secid); + current_cred(), blob.secid[0]); } } diff --git a/security/security.c b/security/security.c index b60c6a51f622..e1f216d453bf 100644 --- a/security/security.c +++ b/security/security.c 
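Review bot: in the `ima_kexec_cmdline()` hunk the whole function body is visible and `u32 secid;` is no longer referenced once `security_task_getsecid(current, &blob)` replaces its only use, so this leaves an unused variable (and a -Wunused-variable warning). Drop the `u32 secid;` line as the other ima_main.c hunks (`ima_file_mmap()`, `ima_file_check()`, `ima_post_read_file()`) already do with `- u32 secid; + struct lsmblob blob;`.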
@@ -1700,10 +1700,16 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid(struct task_struct *p, u32 *secid) +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid);
From patchwork Tue Nov 19 21:45:58 2019
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11252695
From: Casey Schaufler
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.ibm.com
Subject: [PATCH v11 10/25] LSM: Use lsmblob in security_inode_getsecid
Date: Tue, 19 Nov 2019 13:45:58 -0800
Message-Id: <20191119214601.13238-4-casey@schaufler-ca.com>
In-Reply-To: <20191119214601.13238-1-casey@schaufler-ca.com>
References: <20191119214601.13238-1-casey@schaufler-ca.com>

Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
cc: linux-integrity@vger.kernel.org
---
include/linux/security.h | 7 ++++---
kernel/auditsc.c | 6 +++++-
security/integrity/ima/ima_policy.c | 4 +---
security/security.c | 11 +++++++++--
4 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 67f95a335b5d..a845254fc415 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -407,7 +407,7 @@ int security_inode_killpriv(struct dentry *dentry); int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -922,9 +922,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index cccb681ad081..5752e51883d5 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1931,13 +1931,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 7711cc6a3fe3..c5417045e165 100644 --- a/security/integrity/ima/ima_policy.c 
+++ b/security/integrity/ima/ima_policy.c @@ -413,7 +413,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob blob; if (!rule->lsm[i].rule) @@ -423,8 +422,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&blob, osid); + security_inode_getsecid(inode, &blob); rc = security_filter_rule_match(&blob, rule->lsm[i].type, Audit_equal, diff --git a/security/security.c b/security/security.c index e1f216d453bf..bd279a24adfc 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1386,9 +1386,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) From patchwork Tue Nov 19 21:45:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11252697 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4A8AE1390 for ; Tue, 19 Nov 2019 21:46:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 104C62245D for ; Tue, 19 Nov 2019 21:46:20 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="LHRYxu1P" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727140AbfKSVqT (ORCPT ); Tue, 19 Nov 2019 16:46:19 -0500 Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:40377 "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727532AbfKSVqS (ORCPT ); Tue, 19 Nov 2019 16:46:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1574199976; bh=nTAPx/fjQVqMX27cfMvcQ9mzjwgWmVxFhIf02x5QyQI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; 
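Review bot: in the kernel/auditsc.c audit_copy_inode() hunk, `name->osid = blob.secid[0];` records only slot 0, which is whichever LSM claimed the first slot at registration, so the osid in an inode audit record now depends on module registration order rather than on which module owns the label. That is fine as scaffolding, but the comment should say which slot is picked and why (e.g. `/* scaffolding until osid is an lsmblob: slot 0 only */`), and the commit message should mention that audit output is unchanged only while a single secid-bearing LSM is loaded.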
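Review bot: in the security/security.c security_inode_getsecid() hunk, the `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)` path skips the hook and leaves that module's entry at the 0 written by `lsmblob_init(blob, 0)`, so a misregistered LSM degrades to "no label" after a single warning; say in the header comment that `blob->secid[]` is indexed by `lsmid->slot` and that slots for modules without an inode_getsecid hook stay 0, since the include/linux/security.h change only says the function fills in an lsmblob. The same loop is repeated verbatim for other getsecid hooks later in the series; a small helper taking the hook head would keep the bounds check in one place.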
smtp421.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID ee2e3e844c72ed99628860647e58ca83; Tue, 19 Nov 2019 21:46:14 +0000 (UTC) From: Casey Schaufler To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com Subject: [PATCH v11 11/25] LSM: Use lsmblob in security_cred_getsecid Date: Tue, 19 Nov 2019 13:45:59 -0800 Message-Id: <20191119214601.13238-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191119214601.13238-1-casey@schaufler-ca.com> References: <20191119214601.13238-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Signed-off-by: Casey Schaufler cc: linux-integrity@vger.kernel.org --- include/linux/security.h | 2 +- kernel/audit.c | 19 +++++++----------- kernel/audit.h | 5 +++-- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 6 files changed, 36 insertions(+), 43 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index a845254fc415..f7bc7aef95cb 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -434,7 +434,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index fd29186ae977..ba9f78e36d1e 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -124,7 +124,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ kuid_t audit_sig_uid = INVALID_UID; pid_t audit_sig_pid = -1; -u32 audit_sig_sid = 0; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1416,23 +1416,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } 
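Review bot: in the AUDIT_SIGNAL_INFO hunk, `lsmblob_is_set(&audit_sig_lsm)` is evaluated three times against a global that audit_signal_info() rewrites without a lock; if the blob becomes set after the first test and before the kmalloc failure path, `security_release_secctx(ctx, len)` runs on a context that was never obtained. The old `audit_sig_sid` code had the same shape, but a u32 was at least read in one piece. Copy the global once at the top of the case (`struct lsmblob blob = audit_sig_lsm;`) and use that copy for the test, the `security_secid_to_secctx()` call and the release.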
@@ -2274,7 +2272,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2285,9 +2282,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 6fb7160412d4..af9bc09e656c 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; @@ -329,7 +330,7 @@ extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len); extern pid_t audit_sig_pid; extern kuid_t audit_sig_uid; -extern u32 audit_sig_sid; +extern struct lsmblob audit_sig_lsm; extern int audit_filter(int msgtype, unsigned int listtype); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 5752e51883d5..c1e3ac8eb1ad 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -112,7 +112,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; 
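Review bot: in the audit_signal_info() hunk, `security_task_getsecid(current, &audit_sig_lsm)` fills the global in place, one slot per registered LSM, so a concurrent AUDIT_SIGNAL_INFO reader can observe a blob whose slots belong to two different signalling tasks. The scaffolding being removed went through a local `blob` and then did one store to `audit_sig_sid`; keep the local and assign the struct once (`audit_sig_lsm = blob;`), which at least keeps the global from being observed mid-hook, and add a comment that, like `audit_sig_uid` and `audit_sig_pid`, it is updated without locking.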
@@ -957,14 +957,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -973,9 +973,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1546,7 +1545,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1555,7 +1554,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1733,7 +1732,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; 
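Review bot: in the audit_log_pid_context() hunk, `blob` is only read (tested with `lsmblob_is_set()` and passed to `security_secid_to_secctx()`), so `const struct lsmblob *blob` would document that the callers' `target_lsm` entries are not modified; that needs `security_secid_to_secctx()` to accept a const blob, which it does not yet. Worth a comment as well: with the blob unset the record carries no `obj=` field at all, and `rc = 1` (which feeds the caller's `call_panic`) is reached only when a set blob fails to convert, so a blob with one slot set and another not still goes to `security_secid_to_secctx()` and the result depends on which slot that function decides to render.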
@@ -2384,15 +2383,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2408,7 +2404,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2420,9 +2415,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2443,9 +2436,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index cac654c2faaf..305a00a6b087 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -408,7 +408,6 @@ int ima_file_mmap(struct file *file, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid(current, &blob); @@ -418,9 +417,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index bd279a24adfc..3aba440624f9 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1615,10 +1615,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); From patchwork Tue Nov 19 21:46:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11252701 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 024926C1 for ; Tue, 19 Nov 2019 21:46:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id CFB3F2240D for ; Tue, 19 Nov 2019 21:46:22 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="phiocXAD" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727403AbfKSVqW (ORCPT ); Tue, 19 Nov 2019 16:46:22 -0500 Received: from sonic313-15.consmr.mail.ne1.yahoo.com ([66.163.185.38]:44092 "EHLO sonic313-15.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727532AbfKSVqW (ORCPT ); Tue, 19 Nov 2019 16:46:22 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1574199981; bh=LfZjM4efI1ndLKOfcohV7YwoVdWrRHtus0U2gr1s04M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; 
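Review bot: in the security/integrity/ima/ima_main.c ima_bprm_check() hunk, `security_cred_getsecid(bprm->cred, &blob)` reuses the local that `security_task_getsecid(current, &blob)` filled a few lines earlier, and `process_measurement()` is again handed `blob.secid[0]`. Overwriting the task blob with the cred blob is fine since the two are used sequentially, but a second local (or a one-line comment) would make that obvious, and the scaffolding comment should say that slot 0 is selected by registration order, as in the earlier auditsc.c scaffolding.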
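Review bot: the security/security.c security_cred_getsecid() hunk duplicates the slot loop from security_inode_getsecid() (same `WARN_ON` range check, same write into `blob->secid[hp->lsmid->slot]`); a shared helper taking the hook head would keep the check in one place. Since the function stays `EXPORT_SYMBOL`ed, external callers now depend on the lsmblob layout, so the header comment should state that `secid[]` is indexed by LSM slot and that entries for modules without a cred_getsecid hook remain 0 after `lsmblob_init(blob, 0)`.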
smtp421.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID ee2e3e844c72ed99628860647e58ca83; Tue, 19 Nov 2019 21:46:16 +0000 (UTC) From: Casey Schaufler To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com Subject: [PATCH v11 12/25] IMA: Change internal interfaces to use lsmblobs Date: Tue, 19 Nov 2019 13:46:00 -0800 Message-Id: <20191119214601.13238-6-casey@schaufler-ca.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191119214601.13238-1-casey@schaufler-ca.com> References: <20191119214601.13238-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions. Reviewed-by: Kees Cook Reviewed-by: John Johansen Signed-off-by: Casey Schaufler cc: linux-integrity@vger.kernel.org --- security/integrity/ima/ima.h | 11 ++++---- security/integrity/ima/ima_api.c | 10 +++---- security/integrity/ima/ima_appraise.c | 4 +-- security/integrity/ima/ima_main.c | 38 +++++++++++---------------- security/integrity/ima/ima_policy.c | 12 ++++----- 5 files changed, 34 insertions(+), 41 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 5bcd6011ef8c..4226622f50b1 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h 
@@ -205,9 +205,9 @@ extern const char *const func_tokens[]; struct modsig; /* LIM API function definitions */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc); +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc); int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); int ima_collect_measurement(struct integrity_iint_cache *iint, struct file *file, void *buf, loff_t size, @@ -229,8 +229,9 @@ void ima_free_template_entry(struct ima_template_entry *entry); const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc); void ima_init_policy(void); void ima_update_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 610759fe63b8..1ab769fa7df6 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -163,7 +163,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * ima_get_action - appraise & measure decision based on policy. * @inode: pointer to inode to measure * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier 
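Review bot: in the ima.h hunk, the ima_get_action() and ima_match_policy() prototypes now name `struct lsmblob` but the header shows no include for it; add a forward declaration `struct lsmblob;` next to the existing `struct modsig;` just above unless ima.h already pulls in the header that defines it. The whole chain (ima_get_action, ima_match_policy, ima_match_rules) only reads the blob, so `const struct lsmblob *` would document intent once `security_filter_rule_match()` takes a const pointer.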
@@ -181,15 +181,15 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * Returns IMA_MEASURE, IMA_APPRAISE mask. * */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc) +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; flags &= ima_policy_flag; - return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, + return ima_match_policy(inode, cred, blob, func, mask, flags, pcr, template_desc); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 7288a574459b..bc04c6f4bb20 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -47,15 +47,13 @@ bool is_ima_appraise_enabled(void) */ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; struct lsmblob blob; if (!ima_appraise) return 0; security_task_getsecid(current, &blob); - lsmblob_secid(&blob, &secid); - return ima_match_policy(inode, current_cred(), secid, func, mask, + return ima_match_policy(inode, current_cred(), &blob, func, mask, IMA_APPRAISE | IMA_HASH, NULL, NULL); } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 305a00a6b087..a8e7e11b1c84 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -190,8 +190,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; 
@@ -214,7 +214,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(inode, cred, secid, mask, func, &pcr, + action = ima_get_action(inode, cred, blob, mask, func, &pcr, &template_desc); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -384,8 +384,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -411,16 +410,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -438,8 +435,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } 
@@ -571,9 +567,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** @@ -632,13 +627,14 @@ int ima_load_data(enum kernel_load_data_id id) * @size: size of buffer(in bytes). * @eventname: event name to be used for the buffer entry. * @cred: a pointer to a credentials structure for user validation. - * @secid: the secid of the task to be validated. + * @blob: the LSM data of the task to be validated. * * Based on policy, the buffer is measured into the ima log. */ static void process_buffer_measurement(const void *buf, int size, const char *eventname, - const struct cred *cred, u32 secid) + const struct cred *cred, + struct lsmblob *blob) { int ret = 0; struct ima_template_entry *entry = NULL; @@ -656,7 +652,7 @@ static void process_buffer_measurement(const void *buf, int size, int pcr = CONFIG_IMA_MEASURE_PCR_IDX; int action = 0; - action = ima_get_action(NULL, cred, secid, 0, KEXEC_CMDLINE, &pcr, + action = ima_get_action(NULL, cred, blob, 0, KEXEC_CMDLINE, &pcr, &template_desc); if (!(action & IMA_MEASURE)) return; @@ -691,14 +687,12 @@ static void process_buffer_measurement(const void *buf, int size, */ void ima_kexec_cmdline(const void *buf, int size) { - u32 secid; struct lsmblob blob; if (buf && size != 0) { security_task_getsecid(current, &blob); - /* scaffolding */ process_buffer_measurement(buf, size, "kexec-cmdline", - current_cred(), blob.secid[0]); + current_cred(), &blob); } } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index c5417045e165..e863c0d0f9b7 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -368,7 +368,7 @@ int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event, * Returns true on rule match, false on failure. */ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, - const struct cred *cred, u32 secid, + const struct cred *cred, struct lsmblob *blob, enum ima_hooks func, int mask) { int i; @@ -431,7 +431,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&blob, secid); rc = security_filter_rule_match(&blob, rule->lsm[i].type, Audit_equal, @@ -475,7 +474,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -488,8 +487,9 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * list when walking it. Reads are many orders of magnitude more numerous * than writes so ima_match_policy() is classical RCU candidate. */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc) { struct ima_rule_entry *entry; 
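Review bot: in the LSM_SUBJ_* hunk of ima_match_rules(), removing `lsmblob_init(&blob, secid);` leaves `security_filter_rule_match(&blob, ...)` pointing at the loop-local `struct lsmblob blob` that patch 10 kept in this function (`int rc = 0; struct lsmblob blob;`), and that local shadows the new `struct lsmblob *blob` parameter introduced in the first hunk. For the LSM_OBJ_* cases the local is filled by `security_inode_getsecid(inode, &blob)`, but for the LSM_SUBJ_* cases nothing writes it, so the subject rule is matched against an uninitialised stack blob and the caller's blob is never consulted. Either rename the parameter (e.g. `subj`) and pass `subj` in the SUBJ cases, or rename the local (e.g. `objblob`) and pass `blob` here; a normal kernel build will not warn about the shadowing.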
@@ -504,7 +504,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, inode, cred, secid, func, mask)) + if (!ima_match_rules(entry, inode, cred, blob, func, mask)) continue; action |= entry->flags & IMA_ACTION_FLAGS; From patchwork Tue Nov 19 21:46:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11252711 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D20901390 for ; Tue, 19 Nov 2019 21:46:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 8F9C72245D for ; Tue, 19 Nov 2019 21:46:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="M9b06rDT" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727415AbfKSVqf (ORCPT ); Tue, 19 Nov 2019 16:46:35 -0500 Received: from sonic315-27.consmr.mail.ne1.yahoo.com ([66.163.190.153]:41197 "EHLO sonic315-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727407AbfKSVqa (ORCPT ); Tue, 19 Nov 2019 16:46:30 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1574199986; bh=4BNeK1T0pzd/wMsy2qJfXPnWbLa7Th6PwCe3mqGs/OQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=M9b06rDTLZA0mf52zjEPjj64ypusM3b/QkA5sHMJn0VUkdF1utOSUPI7jw2ogkkGnzDQXMXik5fYt23hMduKbC7orQDUTIWEiV/D8Fd30eNeeKJUf6JAANLsyjkTUjohRyDoHYg99dkeVEobQ9D1qa17rMX2UAMXeyaAmrqSWTPpUdTsjPSNxHbrmyhNZZh6TpoxOr7EAomzCWxc1gPqDZtUwilF9rkH+FmJDuCSLPR1CRLp8Yv8/GC2KQWsRU9VGUPJSY5XoLeZfds64toFjLsa0oFlPJHT+K7EloRmt6t/exEb+NWd5QqOutFE9+4i7ogaO8oL1GQoabKKCy3CEg== X-YMail-OSG: 
From: Casey Schaufler
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.ibm.com
Subject: [PATCH v11 21/25] Audit: Add subj_LSM fields when necessary
Date: Tue, 19 Nov 2019 13:46:01 -0800
Message-Id: <20191119214601.13238-7-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20191119214601.13238-1-casey@schaufler-ca.com>
References: <20191119214601.13238-1-casey@schaufler-ca.com>
Sender: linux-integrity-owner@vger.kernel.org
X-Mailing-List: linux-integrity@vger.kernel.org

Add record entries to identify subject data for all of the security modules when there is more than one.

Signed-off-by: Casey Schaufler
cc: netdev@vger.kernel.com
---
 drivers/android/binder.c                |  2 +-
 include/linux/audit.h                   |  1 +
 include/linux/security.h                |  9 ++++-
 include/net/scm.h                       |  3 +-
 kernel/audit.c                          | 40 ++++++++++++++++++-
 kernel/audit_fsnotify.c                 |  1 +
 kernel/auditfilter.c                    |  1 +
 kernel/auditsc.c                        | 10 +++--
 net/ipv4/ip_sockglue.c                  |  2 +-
 net/netfilter/nf_conntrack_netlink.c    |  4 +-
 net/netfilter/nf_conntrack_standalone.c |  2 +-
 net/netfilter/nfnetlink_queue.c         |  2 +-
 net/netlabel/netlabel_unlabeled.c       | 11 ++++--
 net/netlabel/netlabel_user.c            |  2 +-
 net/xfrm/xfrm_policy.c                  |  2 +
 net/xfrm/xfrm_state.c                   |  2 +
 security/integrity/ima/ima_api.c        |  1 +
 security/integrity/integrity_audit.c    |  1 +
 security/security.c                     | 51 +++++++++++++++++++++++--
 19 files changed, 124 insertions(+), 23 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c index cc81d0f540fd..0ca841ce2de9 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3111,7 +3111,7 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_task_getsecid(proc->tsk, &blob); - ret = security_secid_to_secctx(&blob, &lsmctx); + ret = security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_DISPLAY); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret;
diff --git a/include/linux/audit.h b/include/linux/audit.h index aee3dc9eb378..950d2d141cde 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -160,6 +160,7 @@ extern void audit_log_link_denied(const char *operation); extern void audit_log_lost(const char *message); extern int audit_log_task_context(struct audit_buffer *ab); +extern void audit_log_task_lsms(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab); extern int audit_update_lsm_rules(void); diff --git a/include/linux/security.h b/include/linux/security.h index 5da16f97f2be..79f5177a6b52 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -178,6 +178,8 @@ struct lsmblob { #define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ #define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ #define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ +#define LSMBLOB_DISPLAY -4 /* Use the "display" slot */ +#define LSMBLOB_FIRST -5 /* Use the default "display" slot */ /** * lsmblob_init - initialize an lsmblob structure. @@ -219,6 +221,8 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) return !memcmp(bloba, blobb, sizeof(*bloba)); } +const char *security_lsm_slot_name(int slot); + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -528,7 +532,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int display); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); 
@@ -1332,7 +1337,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - struct lsmcontext *cp) + struct lsmcontext *cp, int display) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index 4a6ad8caf423..8b5a4737e1b8 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -96,7 +96,8 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { - err = security_secid_to_secctx(&scm->lsmblob, &context); + err = security_secid_to_secctx(&scm->lsmblob, &context, + LSMBLOB_DISPLAY); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, diff --git a/kernel/audit.c b/kernel/audit.c index cd0024c89807..77e5d54a3e30 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -392,6 +392,7 @@ static int audit_log_config_change(char *function_name, u32 new, u32 old, if (rc) allow_changes = 0; /* Something weird, deny request */ audit_log_format(ab, " res=%d", allow_changes); + audit_log_task_lsms(ab); audit_log_end(ab); return rc; } @@ -1097,6 +1098,7 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature audit_log_format(ab, " feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d", audit_feature_names[which], !!old_feature, !!new_feature, !!old_lock, !!new_lock, res); + audit_log_task_lsms(ab); audit_log_end(ab); } @@ -1347,6 +1349,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) size--; audit_log_n_untrustedstring(ab, data, size); } + audit_log_task_lsms(ab); audit_log_end(ab); } break; @@ -1361,6 +1364,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) msg_type == AUDIT_ADD_RULE ? "add_rule" : "remove_rule", audit_enabled); + audit_log_task_lsms(ab); audit_log_end(ab); return -EPERM; } 
@@ -1374,6 +1378,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) audit_log_common_recv_msg(audit_context(), &ab, AUDIT_CONFIG_CHANGE); audit_log_format(ab, " op=trim res=1"); + audit_log_task_lsms(ab); audit_log_end(ab); break; case AUDIT_MAKE_EQUIV: { @@ -1409,6 +1414,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) audit_log_format(ab, " new="); audit_log_untrustedstring(ab, new); audit_log_format(ab, " res=%d", !err); + audit_log_task_lsms(ab); audit_log_end(ab); kfree(old); kfree(new); @@ -1418,7 +1424,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) len = 0; if (lsmblob_is_set(&audit_sig_lsm)) { err = security_secid_to_secctx(&audit_sig_lsm, - &context); + &context, LSMBLOB_FIRST); if (err) return err; } @@ -1477,6 +1483,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) " old-log_passwd=%d new-log_passwd=%d res=%d", old.enabled, s.enabled, old.log_passwd, s.log_passwd, !err); + audit_log_task_lsms(ab); audit_log_end(ab); break; } @@ -2055,6 +2062,33 @@ void audit_log_key(struct audit_buffer *ab, char *key) audit_log_format(ab, "(null)"); } +void audit_log_task_lsms(struct audit_buffer *ab) +{ + int i; + const char *lsm; + struct lsmblob blob; + struct lsmcontext context; + + /* + * Don't do anything unless there is more than one LSM + * with a security context to report. + */ + if (security_lsm_slot_name(1) == NULL) + return; + + security_task_getsecid(current, &blob); + + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + lsm = security_lsm_slot_name(i); + if (lsm == NULL) + break; + if (security_secid_to_secctx(&blob, &context, i)) + continue; + audit_log_format(ab, " subj_%s=%s", lsm, context.context); + security_release_secctx(&context); + } +} + int audit_log_task_context(struct audit_buffer *ab) { int error; 
@@ -2065,7 +2099,7 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context); + error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); if (error) { if (error != -EINVAL) goto error_path; @@ -2172,6 +2206,7 @@ void audit_log_link_denied(const char *operation) audit_log_format(ab, "op=%s", operation); audit_log_task_info(ab); audit_log_format(ab, " res=0"); + audit_log_task_lsms(ab); audit_log_end(ab); } @@ -2222,6 +2257,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, oldloginuid, loginuid, tty ? tty_name(tty) : "(none)", oldsessionid, sessionid, !rc); audit_put_tty(tty); + audit_log_task_lsms(ab); audit_log_end(ab); } diff --git a/kernel/audit_fsnotify.c b/kernel/audit_fsnotify.c index f0d243318452..7f8c4b1a2884 100644 --- a/kernel/audit_fsnotify.c +++ b/kernel/audit_fsnotify.c @@ -126,6 +126,7 @@ static void audit_mark_log_rule_change(struct audit_fsnotify_mark *audit_mark, c audit_log_untrustedstring(ab, audit_mark->path); audit_log_key(ab, rule->filterkey); audit_log_format(ab, " list=%d res=1", rule->listnr); + audit_log_task_lsms(ab); audit_log_end(ab); } diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 19cfbe716f9d..bf28bb599b6d 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1103,6 +1103,7 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re audit_log_format(ab, " op=%s", action); audit_log_key(ab, rule->filterkey); audit_log_format(ab, " list=%d res=%d", rule->listnr, res); + audit_log_task_lsms(ab); audit_log_end(ab); } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6d273183dd87..e0dd643e9b13 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -973,7 +973,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx)) { + if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1218,7 +1218,8 @@ static void show_special(struct audit_context *context, int *call_panic) struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt)) { + if (security_secid_to_secctx(&blob, &lsmcxt, + LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { @@ -1370,7 +1371,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx)) { + if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; @@ -1479,6 +1480,7 @@ static void audit_log_exit(void) audit_log_task_info(ab); audit_log_key(ab, context->filterkey); + audit_log_task_lsms(ab); audit_log_end(ab); for (aux = context->aux; aux; aux = aux->next) { @@ -2602,6 +2604,7 @@ void audit_core_dumps(long signr) return; audit_log_task(ab); audit_log_format(ab, " sig=%ld res=1", signr); + audit_log_task_lsms(ab); audit_log_end(ab); } @@ -2628,6 +2631,7 @@ void audit_seccomp(unsigned long syscall, long signr, int code) audit_log_format(ab, " sig=%ld arch=%x syscall=%ld compat=%d ip=0x%lx code=0x%x", signr, syscall_get_arch(current), syscall, in_compat_syscall(), KSTK_EIP(current), code); + audit_log_task_lsms(ab); audit_log_end(ab); } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 27af7a6b8780..10b418029cdd 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c 
@@ -138,7 +138,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) if (err) return; - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 7c8a7edac36d..732631f67a78 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -334,7 +334,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return 0; @@ -627,7 +627,7 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 8969754d7fe9..0ff2b8300c28 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -177,7 +177,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index a1296453d8f2..b6f71be884e8 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -314,7 +314,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) if (skb->secmark) { /* Any LSM might be looking for the secmark */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, context); + security_secid_to_secctx(&blob, context, LSMBLOB_DISPLAY); } read_unlock_bh(&skb->sk->sk_callback_lock); diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 3b0f07b59436..60a7665de0e3 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -436,7 +436,8 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(lsmblob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -491,7 +492,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, if (dev != NULL) dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -551,7 +553,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, if (dev != NULL) dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -1122,7 +1125,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, lsmb = (struct lsmblob *)&addr6->lsmblob; } - ret_val = security_secid_to_secctx(lsmb, &context); + ret_val = security_secid_to_secctx(lsmb, &context, LSMBLOB_FIRST); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, 
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 951ba0639d20..1941877fd16f 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -100,7 +100,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index f2d1e573ea55..bd2b36a83e66 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4206,6 +4206,7 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, bool task_valid) xfrm_audit_helper_usrinfo(task_valid, audit_buf); audit_log_format(audit_buf, " res=%u", result); xfrm_audit_common_policyinfo(xp, audit_buf); + audit_log_task_lsms(audit_buf); audit_log_end(audit_buf); } EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); @@ -4221,6 +4222,7 @@ void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, xfrm_audit_helper_usrinfo(task_valid, audit_buf); audit_log_format(audit_buf, " res=%u", result); xfrm_audit_common_policyinfo(xp, audit_buf); + audit_log_task_lsms(audit_buf); audit_log_end(audit_buf); } EXPORT_SYMBOL_GPL(xfrm_audit_policy_delete); diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index c6f3c4a1bd99..61dddd153d82 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2640,6 +2640,7 @@ void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid) xfrm_audit_helper_usrinfo(task_valid, audit_buf); xfrm_audit_helper_sainfo(x, audit_buf); audit_log_format(audit_buf, " res=%u", result); + audit_log_task_lsms(audit_buf); audit_log_end(audit_buf); } EXPORT_SYMBOL_GPL(xfrm_audit_state_add); 
@@ -2654,6 +2655,7 @@ void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid) xfrm_audit_helper_usrinfo(task_valid, audit_buf); xfrm_audit_helper_sainfo(x, audit_buf); audit_log_format(audit_buf, " res=%u", result); + audit_log_task_lsms(audit_buf); audit_log_end(audit_buf); } EXPORT_SYMBOL_GPL(xfrm_audit_state_delete); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 1ab769fa7df6..252dc00700e8 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -363,6 +363,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, audit_log_format(ab, " hash=\"%s:%s\"", algo_name, hash); audit_log_task_info(ab); + audit_log_task_lsms(ab); audit_log_end(ab); iint->flags |= IMA_AUDITED; diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c index 5109173839cc..bca89ae72e3d 100644 --- a/security/integrity/integrity_audit.c +++ b/security/integrity/integrity_audit.c @@ -54,5 +54,6 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, audit_log_format(ab, " ino=%lu", inode->i_ino); } audit_log_format(ab, " res=%d", !result); + audit_log_task_lsms(ab); audit_log_end(ab); } diff --git a/security/security.c b/security/security.c index 0e8c61cceecd..0dce15d74cb5 100644 --- a/security/security.c +++ b/security/security.c 
@@ -449,7 +449,31 @@ static int lsm_append(const char *new, char **result) * Pointers to the LSM id structures for local use. */ static int lsm_slot __lsm_ro_after_init; -static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES]; +static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init; + +/** + * security_lsm_slot_name - Get the name of the security module in a slot + * @slot: index into the "display" slot list. + * + * Provide the name of the security module associated with + * a display slot. + * + * If @slot is LSMBLOB_INVALID return the value + * for slot 0 if it has been set, otherwise NULL. + * + * Returns a pointer to the name string or NULL. + */ +const char *security_lsm_slot_name(int slot) +{ + if (slot == LSMBLOB_INVALID) + slot = 0; + else if (slot >= LSMBLOB_ENTRIES || slot < 0) + return NULL; + + if (lsm_slotlist[slot] == NULL) + return NULL; + return lsm_slotlist[slot]->lsm; +} /** * security_add_hooks - Add a modules hooks to the hook lists. 
@@ -2159,13 +2183,32 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int display) { struct security_hook_list *hp; - int display = lsm_task_display(current); memset(cp, 0, sizeof(*cp)); + /* + * display either is the slot number use for formatting + * or an instruction on which relative slot to use. + */ + if (display == LSMBLOB_DISPLAY) + display = lsm_task_display(current); + else if (display == LSMBLOB_FIRST) + display = LSMBLOB_INVALID; + else if (display < 0) { + WARN_ONCE(true, + "LSM: security_secid_to_secctx unknown display\n"); + display = LSMBLOB_INVALID; + } else if (display >= lsm_slot) { + WARN_ONCE(true, + "LSM: security_secid_to_secctx invalid display\n"); + display = LSMBLOB_INVALID; + } + + hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; @@ -2176,7 +2219,7 @@ int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) &cp->context, &cp->len); } } - return 0; + return -EOPNOTSUPP; } EXPORT_SYMBOL(security_secid_to_secctx);
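Review bot: the include/linux/audit.h hunk declares `audit_log_task_lsms()` only beside the CONFIG_AUDIT externs (the diffstat shows a single added line in that file), so unlike `audit_log_task_context()` and `audit_log_task_info()` it gets no `static inline` stub in the `#else` branch; a caller that can be built without CONFIG_AUDIT, such as `ima_audit_measurement()` in the security/integrity/ima/ima_api.c hunk, would then fail to link. Please add `static inline void audit_log_task_lsms(struct audit_buffer *ab) { }` to the !CONFIG_AUDIT section.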
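Review bot: in the include/linux/security.h hunk the comment on `LSMBLOB_FIRST` ("Use the default "display" slot") does not match what security.c does with it: `security_secid_to_secctx()` maps LSMBLOB_FIRST to LSMBLOB_INVALID, which `security_lsm_slot_name()` documents as slot 0, i.e. the first registered module rather than any display slot. Suggest `/* Use the first slot */`, plus a sentence in the commit message on why the audit, netlabel and AUDIT_SIGNAL_INFO callers switch to LSMBLOB_FIRST while binder, scm, ip_sockglue and the netfilter callers keep the caller's display (LSMBLOB_DISPLAY): before this patch every caller went through `lsm_task_display(current)` (the removed line in the security.c hunk), so the split is visible to userspace.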
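Review bot: in the kernel/audit.c hunk that adds `audit_log_task_lsms()`, a failing `security_secid_to_secctx(&blob, &context, i)` is swallowed by `continue`, so the set of `subj_<lsm>=` fields in a record silently varies and a consumer cannot tell "this module has no label" from "the conversion failed"; `audit_log_task_context()` in the same file treats anything but -EINVAL as an error path. Suggest emitting a visible placeholder (e.g. ` subj_%s=?`) or reusing the existing error handling, and adding a kernel-doc comment now that the function is part of the audit.h API.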
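Review bot: in the net/netfilter/nfnetlink_queue.c hunk the return value of `security_secid_to_secctx(&blob, context, LSMBLOB_DISPLAY)` is still discarded; that was harmless while the function returned 0 on a miss, but the security.c hunk in this patch makes it return -EOPNOTSUPP, so the only thing keeping a failed lookup safe here is the `memset(cp, 0, sizeof(*cp))` in the callee. Checking the result explicitly would make that dependency obvious instead of implicit.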
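Review bot: the net/xfrm/xfrm_policy.c and net/xfrm/xfrm_state.c hunks call `audit_log_task_lsms(audit_buf)` unconditionally, but these helpers take `task_valid` and hand it to `xfrm_audit_helper_usrinfo()` precisely because `current` is not always the task responsible for the event; `audit_log_task_lsms()` reads `current`'s label via `security_task_getsecid(current, &blob)`, so an event raised outside the acting task's context would be attributed to whatever task happens to be running. Guard the call with `if (task_valid)` as the usrinfo helper does.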
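Review bot: in the security/security.c hunk for `security_secid_to_secctx()`, the fall-through `return 0;` becomes `return -EOPNOTSUPP;` when no hook matches the requested slot, but neither the commit message nor a comment mentions the change; `audit_log_task_context()` (kernel/audit.c hunk) tolerates only -EINVAL and otherwise jumps to `error_path`, so a blob that `lsmblob_is_set()` reports as set but that no loaded module can format now takes that path. Also, the `display < 0` and `display >= lsm_slot` branches fall back to LSMBLOB_INVALID after `WARN_ONCE`, which quietly formats the first module's label for a caller that asked for a different slot; returning -EINVAL there would be the safer choice for audit consumers. Nit: "the slot number use for formatting" should read "used for formatting".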