From patchwork Thu May 14 22:11:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11549975 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 47BF8912 for ; Thu, 14 May 2020 22:21:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 25ADE2065F for ; Thu, 14 May 2020 22:21:50 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="oo/74vOG" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728458AbgENWVt (ORCPT ); Thu, 14 May 2020 18:21:49 -0400 Received: from sonic309-27.consmr.mail.ne1.yahoo.com ([66.163.184.153]:38564 "EHLO sonic309-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728180AbgENWVt (ORCPT ); Thu, 14 May 2020 18:21:49 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1589494907; bh=F9L1L4LxDx3xYZOF8KMW2esJP2Rba8qTayjo5Ziokfo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=oo/74vOGyRa9AjE4KHHzdhRsaiExRnGk1wPy7lTl4224l4Cu/WsjQl34Y5G5R648cJkz4/0juodUILt1jlSaib344gkWdOEHPVQP0YfCSPuVaLGgWTbRgJR6Y+5iic2dPU8mE3Lfuns4HGqKMnHMqc/IXu95TSCL5KhdGMwv4fyOlTzr33D9bzJ4jpbbf5WWb1BB+thbG2wpBb7NF3x2cwXMIN/JXicp9v+QFSRHZFrv+4WcnavnxjPhTUaYVifFfFLr6ysN85LCZIPVD91xChYuw/Csh19qNkGxasQsKPbH3fa9ro6jnTF0AA/LZpZVkh7Z/fS55Kxp32zkGl9doQ== X-YMail-OSG: UkI7bocVM1n4TV_RoNbb6TLnQBKx.hCW3uKRkCM39byymwq47tU1sM8r_ZOkz4p 9K3uVe3JH2q30sErPCRRfwyzMVVj8a5FKoveF6t.QMqi2IFBlRureFcMvTht39b_KTOqazUbZ.tA TI0E93GKcKcAvteGJF8EUBuXSM675f_dKJkwy4z5XU4Cf4FRtBDMqoP8e.GqbAwhE5S.0PxNRkE3 ohcJkMlYXJRk9MsHTbZa_Fj4_Ue5kxBUp6SQeNxRK7hXqcOFZ8yhS0bCGv3ou2qps3POTFWkCILc 2fh4brZADRHjDERTY8rXvomOeK9Yr46RlM2CbXPBPJxt7p5F3PGhEDqOxXHN6dHhR99Mo95B_460 4_NsGYFVnAqV75NqxCN47V44w5Q.Atxeig10vyg2cqxL1RNDD9zIGeTY00wA1CkcPu1CrQ3U9nHM 0n9ZQD8nkT9z08JU1.9vRncAvBiHfSUsp_1YhuKVeWbKjh6mTsuIusFc1N1hXzVxzno_YegPadLA xBMDaUe8OP9KkO0h9T4bWnrY9A3M9Qwks622w0MTQtszdVvJgUJWIwqjAgr_IpVS7zGZYvY3YGBA VHD2T21GNIgEMMlJ2B6KI754h_EIapBjlCYv.yU9mamHzIhPSnjY7s4ZvkKyUhuwL6Kz52zo7fs4 0LArnINYMTjUdDydZYtlUrGQI4DoE8tEeqh72metHySqlfY3ngGIN38sdirklVMkc8i18JAvaeku OvCaIoaHrqvTn8eQms9EMklXiJnXOYM6JZME98EA0kpr0m_585KstSQayzZ11Ufo4JocZKZFMMpq qIgKoUefM2Luaw_UDhlYMGazkFxR232TSERPmY4ENkR4atuA6.wz8wo.c1vg43QgS1t5lBPsdrhv w6RhpYbpSa.nH6JUwUKW3yw59NooxH6yrAfC7mfk3jQxJZCdCSXD7iMg6iHvAN83l5nMRs7l6apF 0OdoatvNRc_sppxBfJT0Os4gxuGY0bv3Ho5RbOOxUaJGYKbbSh2MnI9wpi0BP7F9NGh4YFGIH7.0 _bAZszsbeD9ioSGhhV5rr2ukNTdOTW_mVdgvNghGg.7fxhtdGmmPC_9cSbslKC2SQP_tvTf1Zl1u rC3CFW_Oi4gQFwS5W9W4_UyW8_KD7rwxBpilILrk6nkaU3LLP7LZQ194xTgTpAcAhrGyc23A4auP 4pjpO1sEyyMV5PjDhpkfTCUO2x_ZOs97z71Ypg7cUpKzE6Tgn1la2oniL28Gg_wH6uu7VW._2M4y wv7IxEfJp6tmlxW9zG.smRt6t_E8F0ONnQbcKLeZc7_WDoORt5rysnvNRp3rpjXQaZevJ0EoN.hp WDJ3I8hAYNus6o3OpN7I8Be6qMAk2PpBy3ZOEKkPPdcNFKY6DmwPjdTapUkYDxZ6eXtqNWTnzETY ZzlBnCPnZidFS8uGFx0CPSKiYecRwPv_VfYuIDsMv31qI7SAXHDQNW0tqle8- Received: from sonic.gate.mail.ne1.yahoo.com by sonic309.consmr.mail.ne1.yahoo.com with HTTP; Thu, 14 May 2020 22:21:47 +0000 Received: by smtp422.mail.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 624d35b5e8b26aed5a13ee4eec06faa8; Thu, 14 May 2020 22:21:43 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-audit@redhat.com, linux-integrity@vger.kernel.org Subject: [PATCH v17 09/23] LSM: Use lsmblob in security_task_getsecid Date: Thu, 14 May 2020 15:11:28 -0700 Message-Id: <20200514221142.11857-10-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200514221142.11857-1-casey@schaufler-ca.com> References: <20200514221142.11857-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_task_getsecid() interface to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler cc: linux-integrity@vger.kernel.org --- drivers/android/binder.c | 12 +------- include/linux/security.h | 7 +++-- kernel/audit.c | 16 ++++------ kernel/auditfilter.c | 4 +-- kernel/auditsc.c | 25 ++++++++-------- net/netlabel/netlabel_unlabeled.c | 5 +++- net/netlabel/netlabel_user.h | 6 +++- security/integrity/ima/ima_appraise.c | 10 ++++--- security/integrity/ima/ima_main.c | 42 +++++++++++++++------------ security/security.c | 12 ++++++-- 10 files changed, 72 insertions(+), 67 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 2783fd9c7ad6..b6f22979a1db 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3106,20 +3106,10 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; - security_task_getsecid(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index c7e4ce8d209a..abb88a7727c4 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -471,7 +471,7 @@ int security_task_fix_setuid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid(struct task_struct *p, u32 *secid); +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1123,9 +1123,10 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 68a5592daf3e..67bb78aca0cc 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2075,19 +2075,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid(current, &sid); - if (!sid) + security_task_getsecid(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2295,6 +2288,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2305,7 +2299,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &audit_sig_sid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 542eee7ad882..eb1dc5dfe408 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1332,7 +1332,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1363,8 +1362,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_isset) { - security_task_getsecid(current, &sid); - lsmblob_init(&blob, sid); + security_task_getsecid(current, &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6fb75f799c60..f4c45ec8f59f 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -444,7 +444,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -641,17 +640,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid(tsk, &sid); + security_task_getsecid(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -2395,12 +2386,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &context->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2416,6 +2410,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2427,7 +2422,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &ctx->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2448,7 +2445,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 2ebe29ddf05e..f4a6204f4205 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1557,11 +1557,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &audit_info.secid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 3c67afce64f1..438b5db6c714 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -34,7 +34,11 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index a9649b04b9f1..3dfb573c7171 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -48,14 +48,16 @@ bool is_ima_appraise_enabled(void) */ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid(current, &secid); - return ima_match_policy(inode, current_cred(), secid, func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + security_task_getsecid(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(inode, current_cred(), blob.secid[0], func, + mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 9d0abedeae77..9701f2f99808 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -382,12 +382,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -410,10 +411,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -434,10 +437,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -595,7 +599,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; if (!file && read_id == READING_FIRMWARE) { if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && @@ -617,9 +621,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -701,7 +706,7 @@ void process_buffer_measurement(const void *buf, int size, } hash = {}; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (!ima_policy_flag) return; @@ -714,9 +719,10 @@ void process_buffer_measurement(const void *buf, int size, * buffer measurements. */ if (func) { - security_task_getsecid(current, &secid); - action = ima_get_action(NULL, current_cred(), secid, 0, func, - &pcr, &template, keyring); + security_task_getsecid(current, &blob); + /* scaffolding */ + action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, + func, &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } diff --git a/security/security.c b/security/security.c index 18370f3f824b..60b3d42b2e3b 100644 --- a/security/security.c +++ b/security/security.c @@ -1751,10 +1751,16 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid(struct task_struct *p, u32 *secid) +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid); From patchwork Thu May 14 22:11:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11549987 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7887559D for ; Thu, 14 May 2020 22:22:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 618EE20709 for ; Thu, 14 May 2020 22:22:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="c7AUw5be" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728456AbgENWWu (ORCPT ); Thu, 14 May 2020 18:22:50 -0400 Received: from sonic316-27.consmr.mail.ne1.yahoo.com ([66.163.187.153]:42040 "EHLO sonic316-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728227AbgENWWu (ORCPT ); Thu, 14 May 2020 18:22:50 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1589494968; bh=00fD1grsIhFF5LtjD9egNqVHjvscUXK4If42VxnI6kA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=c7AUw5beTKEd2JuBURf0PsrO1oS8fJku0o4RJOkHgwR7+nwpTyfPSChYJwS7+V7ib+oV0l6NYADgH35omMDRjV1cgEglWN0oT73uRD1hnORLMaMS/e5h4SLCwuwrYvfwHFbDKImmDt54ePHemZ5X+tFm8xzZ340lAH1mNy17uSFOyc3UUwmberrNErWOUSKM+KivIvyMJWXEPagjyoCCtms4FyIo/AlC5+5NbVWxT46S8KruEofZN5SMmf0uUAGonXg9tM8gqKMchX0DMk+XL7rkTNbGA/QVzsjMw6TQghZmKMMB3tfe/t5Og9baoG3X6FsETyCA6L74da6raR0ipg== X-YMail-OSG: sf2ys8oVM1mc1HDzilccL8MmySbLrH8dwVO.6WzKUgdZ_rWYY4CWH5tJ0d0ND1z ayZPDRpqtg3YxrqxYFHaT5P9Pft8Jv3dq9IFYBIri4K5zvSwizqQ5MQm8j2o8IhdpwTDkCOyqDAZ W5iPWUKvJQfwxfjU3.3nhnAuDIpDHGfXET.vVaGwAxB_afPHpVmmgGarVObBdkOFZ3_F6M7k2QFy AoH3RKNrHTQ3EmOzHpFcwRi2367CA3wobpJi7MU3BnVObuh9ZHVdyjVW_CJjhEvM7PIeaVVR3MRj wDqtkqgrun8yz1eHMkZtWF8MfDKfxQYpLNw.VxqsuUnVXrLMzVCQGs31Y_ON1.QpQ0imvECiKN8X Wv3gtlSQBaw6GEjCwYJ48Rg4AIEpPb2lphCo.Bft2njP0mDs9FlHDTST8KJUZuzK7p7be1uGSgkT oYoG2gMzIuxwCl9xu6rZBF_vau1BtZOCNko1eIlrpuIgmo.KRMeHrcpFRVyWoqN8.eHHHgCGleV7 rZIurPtiE2579ThfCp0LvTkioGB9xf8LkL7LlVslzND4p38msdE.WCOK.6HKucn7Wh__mU0kTDjP 8HOP_gTVt5lMzSfWBmIvxALcgGUUSbv0kq8PllyumLDBjCgsFUVLZkQhgn_gzM_uqUNIzbgyZJZ7 F1nw9HvAM7ck0I2UBGm26f7.DrWLiVs5yka90BzXGhbGz4TOeJxzejXnxjHVvQoXNLL.h9tdaXOC qiKuzXCaEFfJ3uFD5uFhATTjbWbIVgm3TN3.UGUN8HF2Q_RwFuCGXM6T71RjP8iojo1gv1SsKEW8 v8ZitGInfVXy5Ot8Vii.zGxn4t8yovAunTkri_kr2q9ycRolQZuBa9mmwsRTwJ9N671C4LvFwXRJ BD3uX37RfpWGoTuYp2Ew4nAd.AYzurWpl4NoZfkwuxNFsIFnnJG.yAgNIPfpe5h5.5Lfj40rZBLG l1ZhTpUy8v3mRSPPF.XJKXDMBaFyCP1my4vGyLiUFOCpegYJhue6Mnvk.d8WwJJvfR.7xrNuo8FU XC2W7YNyz5RzBxJinHFkTQIXCgo_POVau74Kr9aJ6hekZsnL1LrrTmjEKDbA48U0RpBWs3Sjokkv 5mzjIRmPmnd2ZidIUCTONzQplqfwGfF9ExT1NHlzSuodr38lIMiAU_NJ1BdI.LhEw_MgMtMesPIu ZWgOvxKkj7fuIon44T.ZqUDIcr_Os0nS_8vtEQrCNEy7dpa06E2aVUQsvo4CuLiZVBSTfa8Oa4Rq WLZIXczP7F6Jya__4f4_mE6fLo3S0oomZC5l3ApSg5jembgE.JAoiT3EKiph3ll.3otKn9RzvdN_ vSzuxq7QKfOKhzcRN11DDeeLBDUCkt999GysfZlLTcSMPpZpkH8X4RvnrIV4YJEVX6EXm4PLvCxr mMHlDruVw8cghQaxbDVkpH58P0hFRq_v2in6TZ5iJgiBc20C6dfLP5ExyDuSC.Q-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Thu, 14 May 2020 22:22:48 +0000 Received: by smtp416.mail.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID c7b3420ad493daad796606174d9ee147; Thu, 14 May 2020 22:22:47 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-audit@redhat.com, linux-integrity@vger.kernel.org Subject: [PATCH v17 10/23] LSM: Use lsmblob in security_inode_getsecid Date: Thu, 14 May 2020 15:11:29 -0700 Message-Id: <20200514221142.11857-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200514221142.11857-1-casey@schaufler-ca.com> References: <20200514221142.11857-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Signed-off-by: Casey Schaufler Acked-by: Stephen Smalley cc: linux-integrity@vger.kernel.org --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 4 +--- security/security.c | 11 +++++++++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index abb88a7727c4..c46da9c03162 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -431,7 +431,7 @@ int security_inode_killpriv(struct dentry *dentry); int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -946,9 +946,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index f4c45ec8f59f..3201f0997a5d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1935,13 +1935,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 2c1a92cc1bf8..2f084a388142 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -479,7 +479,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule->lsm[i].rules)) { @@ -492,8 +491,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = security_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, diff --git a/security/security.c b/security/security.c index 60b3d42b2e3b..1e8456a6fe3c 100644 --- a/security/security.c +++ b/security/security.c @@ -1437,9 +1437,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) From patchwork Thu May 14 22:11:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11549997 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5563159D for ; Thu, 14 May 2020 22:23:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3938420709 for ; Thu, 14 May 2020 22:23:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="YR4l6qCb" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728475AbgENWX7 (ORCPT ); Thu, 14 May 2020 18:23:59 -0400 Received: from sonic307-16.consmr.mail.ne1.yahoo.com ([66.163.190.39]:45506 "EHLO sonic307-16.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728315AbgENWX6 (ORCPT ); Thu, 14 May 2020 18:23:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1589495037; bh=SC4UkTE2oZCdHyHjqC+B3gY4czDR5RheIwvw1ergrrQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=YR4l6qCbo49XaxX+CrdFMJe9kzmq8rxmc3mjlhrv0JXt3Zs+N+KVpxq4ZCmwSUO8CyFTizH2/xhv309iER18Bpb7IqNI7QH54FEelnYWBr8GvjD0fQHyHeoTl9EuGRqYETCC8dYakCuZqX/tl/CYGrQ2KnvgxTgfJ0kdlXt8JapOtgUdwpi0d9sMMwAChf3QqRObSIfH+7BC8KzRWE3CDacEv4akqegUKBV+OEEAdNGPM5CCZn+WEw0FWjNttJ3aSrF0vmUGTk1f4A2OleSMCBDhWQsMs6jZAwloa71mkOfjpZ9pS6eOdgyUrd4ndgDxOJmBz7Zi3fs/r2viwzHM+w== X-YMail-OSG: WBDqlhQVM1mQ8rEkFPGjDLHmIBtFU4vaVJV9SY7p3RN0axg4wK1fOgkAvg7c7d6 liM8ka3mDl2TAUjKnn3FQpSjEG93P7DrmRQAkNxjW87mtgxcmt3Fys.yvRv42SaWtMgkNdIZ5iZQ ds7Yyvs91Flk3C1N8hGU7O4bSVl9Q46_YC01DIlDB6khPnYW6I2c8RjY7GZMETTyqBq4cF3q3ZWu gJQ9aLfMoV9GR3Zpad7op3RmurDem3_oO7CUht7f8pKFHHd5_EDI6AQP.DObF_Ro08o99_AT6Vzt OaHr6Q5ky4SybvHOq1kphc2dLwR7zyAXut9rPUQ37N_jqWVMaMfKovUwiTlFDQmpFsneH59itU2Z Iu9c3WE2oVnIjb8.3_gF0b34Sy6UpOXXny.JZHsYa0dM2gB9Vzb0wx7dWOTY6vGLkUKDFLJuCs8q HDf8N_rLwCD.yay.PwfsxM78fIUZBRLssCDk0Ma6uGrJK5ysxdUFoSQEmNETwn0Vl8Gvf.h3RhMG fk0HgUSqjErUdhEq5TRm_.0BhNd1cOfwcWs_xbNoCEBcehTvmWCQUJEEzm8xdjd5dO7EvuemjNSS wapnp1CvtoNSYSN6W7UiI4mMyhANUZEgiNm2IespXmYgkf8J2E3Ljq_nZAiQeDVN8IliagSSIH9C 177hU_yeOD5ejc0XcPPm.unUPnX.leV8tDbzwIjYVwZXJvhEcm2QB2_OXgxZzdz_z2VFf3oGyepk Imc9EVTHoRapThLjGO37EQOq4Sm5Thmp9_sLaXzDhpM0llqn0_PgPCHTA1McsRm1UXGSo2y2xDKJ mPKHMDrYj0WCpV5M0ndHIw8Noc8gDaf3HCGaPYGUqKIQfgUMfGkrU1Fd64TVugQKwb78TCfMtcoe G444t.qAtGZIv1gWOlJPGTG8Y7rCOhIjLZnmWb8.LaHyJd9qxJkMl2DQG9i0wPJ3xEhjvERnLnmU copH2vggYObexFjmQfcw6.luM4aPGXv4o3gVR_aBXGhWAmEzhOUXv_PNgtZx4F30OoJg6MjJUx2G U6ZGPk_2e6FwVM1bNzZd4UeWwId.mTmhjInptX48lLrRNUpGRRQ1jZ6GeRjXH2yH_qLlhARzZEiM 10kb7MoHOW5casonQF0ghCIcKjBc7s4F3VxQ0dbyFWCDUVQoJJrtHmNBmX9LiApPo05CuDL6A9u4 tngCYn6jUslreWMl53Cph5hIxMJT9HFzM1ZVvHE1s.u2mDZISMXxRnP5EeXnnPLi1V44mOcGbG0L uFltAPn.8qR5IuWjt32PZRfODNZg_E1Kq5kR8cILVi4L6cLJOFpah4J5BGlDiRGZatHnl6b4qvNP k6mCVLbch6kEibG4kW0vkudjQCd0xtPEJzThTXs_peRbrLrPSwA1BDi2WhmPPvqNKQUyfc5s71XW lHqR8siNGKqn5IgBJ99vHeclmoKIOsKBn27YfMhmZsHtR..M.To0tE7nmUIkthw-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic307.consmr.mail.ne1.yahoo.com with HTTP; Thu, 14 May 2020 22:23:57 +0000 Received: by smtp426.mail.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID c150985a23791c683836a61394b2bda0; Thu, 14 May 2020 22:23:53 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-audit@redhat.com, linux-integrity@vger.kernel.org Subject: [PATCH v17 11/23] LSM: Use lsmblob in security_cred_getsecid Date: Thu, 14 May 2020 15:11:30 -0700 Message-Id: <20200514221142.11857-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200514221142.11857-1-casey@schaufler-ca.com> References: <20200514221142.11857-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler cc: linux-integrity@vger.kernel.org --- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 5 +++-- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 6 files changed, 36 insertions(+), 49 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index c46da9c03162..3c690f36ca0d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -458,7 +458,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 67bb78aca0cc..1901ed145dd3 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ kuid_t audit_sig_uid = INVALID_UID; pid_t audit_sig_pid = -1; -u32 audit_sig_sid = 0; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1422,29 +1422,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2288,7 +2280,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2299,9 +2290,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 2eed4d231624..74be988cda01 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; @@ -337,7 +338,7 @@ extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len); extern pid_t audit_sig_pid; extern kuid_t audit_sig_uid; -extern u32 audit_sig_sid; +extern struct lsmblob audit_sig_lsm; extern int audit_filter(int msgtype, unsigned int listtype); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 3201f0997a5d..c1e19ffaef66 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -112,7 +112,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -964,14 +964,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -980,9 +980,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1550,7 +1549,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1559,7 +1558,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1737,7 +1736,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2390,15 +2389,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2414,7 +2410,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2426,9 +2421,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2449,9 +2442,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 9701f2f99808..2dec956b6852 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -410,7 +410,6 @@ int ima_file_mmap(struct file *file, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid(current, &blob); @@ -420,9 +419,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 1e8456a6fe3c..ed33ee97afe4 100644 --- a/security/security.c +++ b/security/security.c @@ -1666,10 +1666,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); From patchwork Thu May 14 22:11:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11550011 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BEC54912 for ; Thu, 14 May 2020 22:25:06 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A0219206D8 for ; Thu, 14 May 2020 22:25:06 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="ga3APdv9" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728509AbgENWZG (ORCPT ); Thu, 14 May 2020 18:25:06 -0400 Received: from sonic309-27.consmr.mail.ne1.yahoo.com ([66.163.184.153]:35037 "EHLO sonic309-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728514AbgENWZG (ORCPT ); Thu, 14 May 2020 18:25:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1589495103; bh=dUThkSfGHDQf7/vgsO6mxUw+SchIx6U82ySzG6ziqkI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=ga3APdv96z+WTHt7I2dGjFrCn17++i8nIQx0FYSimmUx/37BKToD5f0a+fEv4WGnwisRQKv53nQnXOwAx6uh4n9Htjxiz0OPEOM/zr7MppQy/raRP5KgbUIU9SPJBSkInkPW7TOEmTrZU4uJ4DJqXelQiom/FxMpKHKW/Br4KpGUe4d8sD2w0xY/t6bK4mBvZXUGNdpoI0IV/dhJELKUlftBKQzQQrwgMLlRB9irV9aNn/JooKdp6QoEAwIo2R859blRyDyGmlpPu2SmMlwdooP1ACfnbyAp8CnEN3TKIh63Yu/h2Ck76Yw18BN0qUTUCs/rIy8gSU3PtazCJo9RBg== X-YMail-OSG: 0nYPTOcVM1kC6DB2xE6dLG9f.zTR6axMPRJo1XTGnZggrUXtb9kd3Tt5yR_EkGr spaHB89rr7O2dpON9cr3DMMxkKvGPMWB0JA9gRa9154BfCRHriEHQxO9UWRuV1lZid51LtezGakc XxKntaPtKvNgcYyGZfHJW9ty5uAsAAEKxTrztGd7eGPo.8G1pDdE0E..5iH0xxbJOCRob3iqlybQ bg36Y6isyebGbR_PcLJWa2rBsvJn_Zis4eFGvKgRtdUvJ8AhGG5tCW8v8TZ8PzsMUf0MlpuY3.Ly uS2iFcEqrHGvO7DI9IM_ejSAueQ.Df0GDqeloMCvmzI_oGl7szuYieBVbkw1ENSfGMMqqWC4TYIg kad6tDZfBuxEVRL.9kwfqFSugA3AKOV8r0CwH.FrmuXsQ.ZNdoLMcFr15og6F1kw4RQPRsVo_UOB E6p.VVJDlYjD_E8ivy053CaQ21GaM9MZ7Q88rpxWEVz1HoBaQZ58x6YGQxl9huXsrQOXL71v3zSe iwdvmhLy2Np..WLjDy.TxQlWKYRPdFbQSfmQx_S36DIim35utWMIuesaejXh5TS.KX1lX94r6J4w pUns_AGhFlJCKSCpJv4.ECYkgQJR.s4885ZZ1kndIfJsN0yMnoVM0hPJvtB3WG0wVDMOirkY7NBU RuU.gVuleg6w_OUIHp1awL2MxwWymDDCgC_AdTr0hK.BxJqpqiKuUQa_IkjmOp0kZEpAE5iM4Kyd ASQiKgm4YK16dY6Cc8BTVD2gQcPtNiq6mQyqIkQz77T_KQ7riEwp6OoGyG5.54uff6bSj2vc3as1 ckXAwQWp.h3V9XTmqCnL0w13BsCRoDp8InuwmmE9HUcAJbzdPRuH4Wf_O.qJZ9GluXrW_6S3RpI8 nn_nzltt3SY_nZ23wUgDi12u7eJqaHFhjpVqOWLqUXFz7UXGudnEGHWQABf0IDb8vLxOGDJbDt0b _T5MCjNbC3DeUtalldCc1xTbSkE1scEMfBBgW3u0lVxwgl6P2HeoLCNiVIO1rMenAO0hnaUsPUeS Z8LnCIUij6z.RHXMrPMTHlc2yYLqQeP_wRPXYI8qzXAhUSj.2oNLQ.a5bdWxz3Fa_DcYBODbyguM pxmhcRRHlzoYm66e_BP77YlvdbtMPZp3GNCkSHX5fUFoXO_eiQ8_DX6IlWgJbtsvgCrseUZ0VqIe hkkGkx9kWhk0AIxQaQOAWPu20RXy0MyGKl2OC9ucb2Gsg_L7.NxCYHZmjwptCfs324CR1Om_Yj5r uqmO0JgGgPJllRq.gBQq8ChO3UwRk90uFlwQBbAiNPtERu.6JJqmC1r97hs6tkGUZlwGwMhn80Pd 5k_mk4_s9B0B7t38_wZ.jvJjFOaWGdLOa1z1RgpTOeg9NKRkHem1bzNxsyKBiO4O_J0QgFj2qN3k sJLut5c3Ky8lSwDqR0W3n2qIWG9KtwvratApT4KRiuOt0CI2eal5Zg7sGgRbwb3kjDAI- Received: from sonic.gate.mail.ne1.yahoo.com by sonic309.consmr.mail.ne1.yahoo.com with HTTP; Thu, 14 May 2020 22:25:03 +0000 Received: by smtp423.mail.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 98df4c152f71d4c6c0d885f8fda43499; Thu, 14 May 2020 22:24:59 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-audit@redhat.com, linux-integrity@vger.kernel.org Subject: [PATCH v17 12/23] IMA: Change internal interfaces to use lsmblobs Date: Thu, 14 May 2020 15:11:31 -0700 Message-Id: <20200514221142.11857-13-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200514221142.11857-1-casey@schaufler-ca.com> References: <20200514221142.11857-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler cc: linux-integrity@vger.kernel.org --- security/integrity/ima/ima.h | 11 ++++----- security/integrity/ima/ima_api.c | 10 ++++----- security/integrity/ima/ima_appraise.c | 6 ++--- security/integrity/ima/ima_main.c | 32 +++++++++++---------------- security/integrity/ima/ima_policy.c | 14 ++++++------ 5 files changed, 33 insertions(+), 40 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index f9e3ca96fa52..a85aa57d28c5 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -230,9 +230,9 @@ static inline void ima_process_queued_keys(void) {} #endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */ /* LIM API function definitions */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring); int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); int ima_collect_measurement(struct integrity_iint_cache *iint, @@ -258,8 +258,9 @@ void ima_free_template_entry(struct ima_template_entry *entry); const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index f6bc00914aa5..b481bbc2e55f 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -163,7 +163,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * ima_get_action - appraise & measure decision based on policy. * @inode: pointer to inode to measure * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier @@ -182,16 +182,16 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * Returns IMA_MEASURE, IMA_APPRAISE mask. * */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; flags &= ima_policy_flag; - return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, + return ima_match_policy(inode, cred, blob, func, mask, flags, pcr, template_desc, keyring); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 3dfb573c7171..bf66e3e6f398 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -54,10 +54,8 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) return 0; security_task_getsecid(current, &blob); - /* scaffolding the .secid[0] */ - return ima_match_policy(inode, current_cred(), blob.secid[0], func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, - NULL); + return ima_match_policy(inode, current_cred(), &blob, func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 2dec956b6852..d6133f4451d1 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -188,8 +188,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -212,7 +212,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(inode, cred, secid, mask, func, &pcr, + action = ima_get_action(inode, cred, blob, mask, func, &pcr, &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -386,8 +386,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -413,16 +412,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -440,8 +437,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -622,9 +618,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** @@ -720,9 +715,8 @@ void process_buffer_measurement(const void *buf, int size, */ if (func) { security_task_getsecid(current, &blob); - /* scaffolding */ - action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, - func, &pcr, &template, keyring); + action = ima_get_action(NULL, current_cred(), &blob, 0, func, + &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 2f084a388142..a89f0c3cadfe 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -422,7 +422,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * @rule: a pointer to a rule * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @keyring: keyring name to check in policy for KEY_CHECK func @@ -430,7 +430,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * Returns true on rule match, false on failure. */ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, - const struct cred *cred, u32 secid, + const struct cred *cred, struct lsmblob *blob, enum ima_hooks func, int mask, const char *keyring) { @@ -500,7 +500,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); rc = security_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, @@ -544,7 +543,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -559,8 +558,9 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * list when walking it. Reads are many orders of magnitude more numerous * than writes so ima_match_policy() is classical RCU candidate. */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring) { @@ -576,7 +576,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, inode, cred, secid, func, mask, + if (!ima_match_rules(entry, inode, cred, blob, func, mask, keyring)) continue; From patchwork Thu May 14 22:11:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11550029 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AE3E059D for ; Thu, 14 May 2020 22:27:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8A1DF20709 for ; Thu, 14 May 2020 22:27:19 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="EdXjluXB" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728504AbgENW1S (ORCPT ); Thu, 14 May 2020 18:27:18 -0400 Received: from sonic307-16.consmr.mail.ne1.yahoo.com ([66.163.190.39]:33267 "EHLO sonic307-16.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728535AbgENW1R (ORCPT ); Thu, 14 May 2020 18:27:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1589495233; bh=7IY+XVVeUAY5ncFv7OLhMlN10hsAS55iNVZApN+xCoo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=EdXjluXBSzESy1wjHOGwyZKxj4OAELA/q1OjRX7W1fm6QTXhExyhvkGV6YmeJPZiWWK1JGjZJdIpLvPINfAqpq/ioFUnqSX9EkyzkXSoToXWS7qhTR40bVQ2R1pQAZ56CDtJIW6STEuGY+g4L8MTcmdrHlxr/zgrSMTVLUQ+TFF2BEa0Mac1kneFSDhyZTu8rt9MeyN6C+hiAbnrNCOH1nNRFe6U2+eA19OwTNdGbIqkljbJxTEUk23MEkuXt4wXbyJq2HNpo8tNy49bya75CHBzqgFXSgMf6l8A2rWgGRRlRMp0AATFoQjoj97UneZ7bezbC2xjQV9XCcChUC6g3w== X-YMail-OSG: Y_L2wO8VM1nSCi2yteheE9CfRj208V3zelmnPSB942pYbsh6mUirN1O9N7VGNZI p14y_jF9dZ7.tQtPRxUvLhELqKdlbY8PS0ybpyYdgPl6W12IZoETCsGz2K.8698dA3pAALo5nZ86 BgNuWjLe9Pyaf8GRapZ3wSLEUc_vIsOL5.TRFHBF16FMq5htzfBvDZ_dYrAHyYZqSaVD6aTBXmku TzivKojOE7ovyf2HknD1gcfookTflVZuiEso5BIu9330IWlo3EChoEofxj5OtuU41u3GxFktYnNf c0SsCcY7xaEtcHaEgwmXFpV59IUHIKs2dxcJgp._Dq8OSx08Tg5gR8yG5BJHn2cf6omdIRU2ysvX pYxjbtSwLdHcUedEGHd3xA045yucmvbsKfGHJiKmKLy8dKpAecaRNi8cd4OOE.TW_JlyI..XTzpJ zILYt92RX2Xay_C8i5._9cBp8C5aRoMouunvuVX5lBEUNiEG7ZGzMxkjdUP6rcJ9Kt35O1bv1vzI CG0c_JbDzp_M2aMWv4zv12.DXBcK48pjyAqDBTdeoGkTOvc3ahEAl3k2LhEUQ6AdAP5gYBa2mTV7 c533lRpc6FcNBzc6u5jGRZ46NkL..S7xU3USQ0Cjt1bEuenFG6NiQtnbEXYchXCd3n8VV2KkUqq6 TqqT5o_PAdeRK5KlXjrHeL_S1bcxWAhaQ3QXSfBxWMzVJugKfDvFwWRt4ohzYWnD1OJ4x.MDV4Tn bwHiQZ2ULhi6NyjtXmPuGztFp2FJOSua8Ole7gPAUvtzRQchcwX0pp1pxGSTmlqmNTCeHdAKckb9 kIM7fCPVspD92K1pEs.kwf3Ib3KQAY.jHlc6sBtoF6nFwhie5Hge0I9SNO1yIb1w2GsBMZo0z09W J7n3yo4URKXIF_ixqGlgaB9Z9Hk9A3Ght09tze6WdKxlmy0TIexcGLV1sr6xJa3_FRTfe61UfnKq ikZ4MLM5y69eBiVWUZa4L00NUtR6Oo5sb.ZNaqFXfelkEge73wJKC659ToBupHHEhOTg.w8iXB5d 4.6806Ib_quiWaNoacw3dXeIIFcepgCkYcjTnwT0hT3GAJ8EN1pGLb9Je6MJIDKLm3yrGtadI7kz yEBfvQX1MjDGyL7IIpEeV7_U30wfCh1x51h2uXJRByes8OYnfwzuR1o292o2zNrKMQ.OOdwJcHqT 7fbU5FtWc.D17Bmv7AzhmmhwDCwJwBxqm6nDx_tuwIDcXdy7mnL.xotAqwF_LzlPpIgspgUOdvu6 ihjMKalWwwehcf1Nm_rLq950gJij45xAtm4eow_8n4oxhtwv0LuITOR..NnjHjY9wV1sr97Spdhp WrpJi5SoDZVTZGRnMq2UnDZaO60s6CqNcAzW9v6hzDZEjgnl7Ej28ZanTpmoqppj3YNj8zqKjaJI r9tRTjtBY731sAsJ3VAmgrkDVnjT7nw.GSqlazQcl0dV5bVvACZDIbroG1D.eip3utzgs6Q-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic307.consmr.mail.ne1.yahoo.com with HTTP; Thu, 14 May 2020 22:27:13 +0000 Received: by smtp430.mail.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID b382efbe84652276cd75fb248c55fa64; Thu, 14 May 2020 22:27:09 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-audit@redhat.com, linux-integrity@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v17 14/23] LSM: Ensure the correct LSM context releaser Date: Thu, 14 May 2020 15:11:33 -0700 Message-Id: <20200514221142.11857-15-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200514221142.11857-1-casey@schaufler-ca.com> References: <20200514221142.11857-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index b6f22979a1db..30e59b386ce2 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2863,6 +2863,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -3159,7 +3160,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; @@ -3492,8 +3494,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 7b8a070a782d..9bf41894e3e1 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1272,12 +1272,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index a0c1e653a935..7fcc27f0faf6 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -130,8 +130,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 996ac01ee977..61d6b8a0e8f0 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2496,6 +2496,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -2998,8 +2999,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 3c690f36ca0d..16927c87245f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -129,6 +129,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * @@ -520,7 +551,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1334,7 +1365,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 31ae605fcc0a..30ba801c91bd 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; char *secdata; u32 seclen; int err; @@ -102,7 +103,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 1901ed145dd3..7be576b8f0b0 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1180,6 +1180,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) @@ -1430,15 +1431,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2068,6 +2072,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2081,7 +2086,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index c1e19ffaef66..92020b933847 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -969,6 +969,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -986,7 +987,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); @@ -1199,6 +1201,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1232,7 +1235,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1378,6 +1382,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1386,7 +1391,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 1ca97d0cb4a9..96d56a30ecca 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -144,7 +145,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 3b50f858dff8..d40e0c1d6b5f 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -332,6 +332,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -352,7 +353,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 54ffacbade6f..111a946e62cb 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 44ce42e8c82a..c89bd87d0dae 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -398,6 +398,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info uninitialized_var(ctinfo); struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -628,8 +629,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -637,8 +640,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index f4a6204f4205..5785e6dcf54b 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); @@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index e86c84a904d5..f9b90a46e4e0 100644 --- a/security/security.c +++ b/security/security.c @@ -2194,16 +2194,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int display = lsm_task_display(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (display == LSMBLOB_INVALID || display == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);