From patchwork Fri Jul 24 20:32:12 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11684253
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v19 09/23] LSM: Use lsmblob in security_task_getsecid
Date: Fri, 24 Jul 2020 13:32:12 -0700
Message-Id: <20200724203226.16374-10-casey@schaufler-ca.com>
In-Reply-To: <20200724203226.16374-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_task_getsecid() interface to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
cc: linux-integrity@vger.kernel.org
---
 drivers/android/binder.c | 12 +------
 include/linux/security.h | 7 ++--
 kernel/audit.c | 16 ++++-----
 kernel/auditfilter.c | 4 +--
 kernel/auditsc.c | 25 +++++++-------
 net/netlabel/netlabel_unlabeled.c | 5 ++-
 net/netlabel/netlabel_user.h | 6 +++-
 security/integrity/ima/ima_appraise.c | 10 +++---
 security/integrity/ima/ima_main.c | 49 +++++++++++++++------------
 security/security.c | 12 +++++--
 10 files changed, 76 insertions(+), 70 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 41f89bb3c7f1..46e2a26089cc 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3106,20 +3106,10 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; - security_task_getsecid(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index 7883975ea6b0..4037391a29b8 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -476,7 +476,7 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid(struct task_struct *p, u32 *secid); +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1141,9 +1141,10 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 70f331825401..9861e1e11a4d 100644 --- a/kernel/audit.c 
+++ b/kernel/audit.c @@ -2123,19 +2123,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid(current, &sid); - if (!sid) + security_task_getsecid(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2343,6 +2336,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2353,7 +2347,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &audit_sig_sid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 15a7fb80d6a7..31732023b689 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1361,8 +1360,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_isset) { - security_task_getsecid(current, &sid); - lsmblob_init(&blob, sid); + security_task_getsecid(current, &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index ff30714c89dc..4928159d1ce2 100644 
--- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -455,7 +455,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -652,17 +651,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid(tsk, &sid); + security_task_getsecid(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -2406,12 +2397,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &context->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2427,6 +2421,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2438,7 +2433,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &ctx->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2459,7 +2456,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 2ebe29ddf05e..f4a6204f4205 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1557,11 +1557,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &audit_info.secid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 3c67afce64f1..438b5db6c714 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h 
@@ -34,7 +34,11 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index a9649b04b9f1..3dfb573c7171 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -48,14 +48,16 @@ bool is_ima_appraise_enabled(void) */ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid(current, &secid); - return ima_match_policy(inode, current_cred(), secid, func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + security_task_getsecid(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(inode, current_cred(), blob.secid[0], func, + mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index c1583d98c5e5..772d9f20ab5f 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -382,12 +382,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -413,9 +414,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -423,9 +424,10 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - action = ima_get_action(inode, current_cred(), secid, MAY_EXEC, + /* scaffolding */ + action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ @@ -462,10 +464,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; 
@@ -486,10 +490,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -647,7 +652,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; if (!file && read_id == READING_FIRMWARE) { if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && @@ -669,9 +674,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -753,7 +759,7 @@ void process_buffer_measurement(const void *buf, int size, } hash = {}; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (!ima_policy_flag) return; @@ -766,9 +772,10 @@ void process_buffer_measurement(const void *buf, int size, * buffer measurements. */ if (func) { - security_task_getsecid(current, &secid); - action = ima_get_action(NULL, current_cred(), secid, 0, func, - &pcr, &template, keyring); + security_task_getsecid(current, &blob); + /* scaffolding */ + action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, + func, &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } diff --git a/security/security.c b/security/security.c index c74c7722e5f4..01c1561901fa 100644 
--- a/security/security.c +++ b/security/security.c 
@@ -1783,10 +1783,16 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid(struct task_struct *p, u32 *secid) +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid);
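Review bot: the scaffolding in the kernel/audit.c audit_signal_info hunk (`audit_sig_sid = blob.secid[0];`, repeated for target_sid in the auditsc.c hunks and for audit_info->secid in the netlabel hunks) reports only slot 0. Because security_task_getsecid() now starts from `lsmblob_init(blob, 0)` and each registered hook fills only its own slot, a configuration whose slot-0 LSM does not register task_getsecid will record 0 here even though another LSM did provide a secid, whereas the old code returned whatever the single active LSM set. That is fine as an interim step, but the commit message should say so and name which LSM slot `[0]` stands for, since these comments are the only marker of what remains to be converted.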
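Review bot: the ima_file_mprotect hunk in security/integrity/ima/ima_main.c changes more than the secid argument: the call goes from `action = ima_get_action(inode, current_cred(), secid, MAY_EXEC,` to `action = ima_get_action(NULL, current_cred(), blob.secid[0], 0,`, so both the inode and the MAY_EXEC mask are dropped while `inode = file_inode(vma->vm_file);` is still computed on the line above. Nothing in the commit message covers that, and the `/* scaffolding */` comment only explains the `.secid[0]` part. The call should stay `ima_get_action(inode, current_cred(), blob.secid[0], MAY_EXEC, MMAP_CHECK, &pcr, &template, 0);` so the mprotect-to-executable policy check keeps matching on the mapped file rather than on no inode at all.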
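Review bot: in the ima_bprm_check hunk of ima_main.c the old `u32 secid;` declaration is left in place next to the new `struct lsmblob blob;` while its only use, `security_task_getsecid(current, &secid);`, is removed, so the build will warn about an unused variable. Delete the `u32 secid;` line as the other ima_main.c hunks in this patch do.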
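Review bot: in the security/security.c hunk the range check `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)` runs for every hook entry on every security_task_getsecid() call, and this patch shows how hot that path is (audit filtering, every IMA measurement and appraisal, each binder transaction). The slot is assigned once when the LSM registers, so validating it at registration and indexing `blob->secid[hp->lsmid->slot]` unconditionally here would keep the fast path free of the branch; if the check is to stay, WARN_ON_ONCE() would at least avoid flooding the log should a bad slot ever appear.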
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v19 10/23] LSM: Use lsmblob in security_inode_getsecid
Date: Fri, 24 Jul 2020 13:32:13 -0700
Message-Id: <20200724203226.16374-11-casey@schaufler-ca.com>
In-Reply-To: <20200724203226.16374-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler Acked-by: Stephen Smalley cc: linux-integrity@vger.kernel.org --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 4 +--- security/security.c | 11 +++++++++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 4037391a29b8..b804bf896552 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -434,7 +434,7 @@ int security_inode_killpriv(struct dentry *dentry); int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -957,9 +957,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4928159d1ce2..d3e1bea08da0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -1946,13 +1946,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 9a0f462e8891..8f9c66a0a612 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -479,7 +479,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule->lsm[i].rules)) { @@ -492,8 +491,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = security_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, diff --git a/security/security.c b/security/security.c index 01c1561901fa..d641c6dc5933 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1442,9 +1442,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new)
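Review bot: the security/security.c hunk repeats the loop introduced for security_task_getsecid() in the previous patch verbatim apart from the hook head and the first argument; with more getsecid conversions following, a small helper or a macro parameterised on the hook name over `security_hook_heads.<hook>` would keep the slot bounds check in one place. Note also the quiet behavioural change in this hunk: the old body was a bare `call_void_hook(inode_getsecid, inode, secid);` with no zeroing, while the new one begins with `lsmblob_init(blob, 0);`, so a caller that pre-set the secid no longer sees its value. That matches the inline stub in security.h and looks intended, but it deserves a sentence in the commit message.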
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v19 11/23] LSM: Use lsmblob in security_cred_getsecid
Date: Fri, 24 Jul 2020 13:32:14 -0700
Message-Id: <20200724203226.16374-12-casey@schaufler-ca.com>
In-Reply-To: <20200724203226.16374-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
cc: linux-integrity@vger.kernel.org
---
 include/linux/security.h | 2 +-
 kernel/audit.c | 25 +++++++----------------
 kernel/audit.h | 5 +++--
 kernel/auditsc.c | 33 +++++++++++--------------------
 security/integrity/ima/ima_main.c | 8 ++++----
 security/security.c | 12 ++++++++---
 6 files changed, 36 insertions(+), 49 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index b804bf896552..84ad4404f7c1 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -461,7 +461,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 9861e1e11a4d..ff381344f950 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ kuid_t audit_sig_uid = INVALID_UID; pid_t audit_sig_pid = -1; -u32 audit_sig_sid = 0; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
@@ -1430,29 +1430,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2336,7 +2328,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2347,9 +2338,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index f0233dc40b17..6ab012e5fe98 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include 
@@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; @@ -337,7 +338,7 @@ extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len); extern pid_t audit_sig_pid; extern kuid_t audit_sig_uid; -extern u32 audit_sig_sid; +extern struct lsmblob audit_sig_lsm; extern int audit_filter(int msgtype, unsigned int listtype); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index d3e1bea08da0..82d60474098d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -112,7 +112,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -975,14 +975,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -991,9 +991,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { 
@@ -1561,7 +1560,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1570,7 +1569,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1748,7 +1747,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2401,15 +2400,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2425,7 +2421,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2437,9 +2432,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2460,9 +2453,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 772d9f20ab5f..e70d8626208c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -463,7 +463,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid(current, &blob); @@ -473,9 +472,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index d641c6dc5933..c3bac45bbb79 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1692,10 +1692,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
From patchwork Fri Jul 24 20:32:15 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11684293
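Review bot: in the kernel/audit.c hunks of patch 11/23, audit_signal_info() now fills the global audit_sig_lsm directly via security_task_getsecid(current, &audit_sig_lsm), while the AUDIT_SIGNAL_INFO branch of audit_receive_msg() reads it with lsmblob_is_set() and security_secid_to_secctx(), and neither hunk shows a lock covering either side. The old u32 audit_sig_sid was a single-word store, but a struct lsmblob holds one secid per slot, so a reader racing with a new signal can observe a blob whose slots come from two different senders and hand that mix to security_secid_to_secctx(). If this is accepted as best-effort, like the adjacent audit_sig_uid/audit_sig_pid updates, a comment at the write site saying so would help; otherwise the blob should be filled into a local and published under whatever protection the reader relies on.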
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v19 12/23] IMA: Change internal interfaces to use lsmblobs
Date: Fri, 24 Jul 2020 13:32:15 -0700
Message-Id: <20200724203226.16374-13-casey@schaufler-ca.com>
In-Reply-To: <20200724203226.16374-1-casey@schaufler-ca.com>

The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
cc: linux-integrity@vger.kernel.org
--- security/integrity/ima/ima.h | 11 +++++---- security/integrity/ima/ima_api.c | 10 ++++---- security/integrity/ima/ima_appraise.c | 6 ++--- security/integrity/ima/ima_main.c | 35 +++++++++++---------------- security/integrity/ima/ima_policy.c | 14 +++++------ 5 files changed, 34 insertions(+), 42 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index d72af93f8d6f..0c4787c71162 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h
@@ -236,9 +236,9 @@ static inline void ima_process_queued_keys(void) {} #endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */ /* LIM API function definitions */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring); int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); int ima_collect_measurement(struct integrity_iint_cache *iint, @@ -264,8 +264,9 @@ void ima_free_template_entry(struct ima_template_entry *entry); const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index bf22de8b7ce0..ea78825e0033 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -164,7 +164,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * ima_get_action - appraise & measure decision based on policy. * @inode: pointer to inode to measure * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier 
@@ -183,16 +183,16 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * Returns IMA_MEASURE, IMA_APPRAISE mask. * */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; flags &= ima_policy_flag; - return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, + return ima_match_policy(inode, cred, blob, func, mask, flags, pcr, template_desc, keyring); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 3dfb573c7171..bf66e3e6f398 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -54,10 +54,8 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) return 0; security_task_getsecid(current, &blob); - /* scaffolding the .secid[0] */ - return ima_match_policy(inode, current_cred(), blob.secid[0], func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, - NULL); + return ima_match_policy(inode, current_cred(), &blob, func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index e70d8626208c..5093f9b4db8b 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -188,8 +188,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -212,7 +212,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(inode, cred, secid, mask, func, &pcr, + action = ima_get_action(inode, cred, blob, mask, func, &pcr, &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -386,8 +386,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -426,8 +425,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - /* scaffolding */ - action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, + action = ima_get_action(NULL, current_cred(), &blob, 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ 
@@ -466,16 +464,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -493,8 +489,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -675,9 +670,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** @@ -773,9 +767,8 @@ void process_buffer_measurement(const void *buf, int size, */ if (func) { security_task_getsecid(current, &blob); - /* scaffolding */ - action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, - func, &pcr, &template, keyring); + action = ima_get_action(NULL, current_cred(), &blob, 0, func, + &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } 
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 8f9c66a0a612..6a8f347001fd 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -422,7 +422,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * @rule: a pointer to a rule * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @keyring: keyring name to check in policy for KEY_CHECK func @@ -430,7 +430,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * Returns true on rule match, false on failure. */ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, - const struct cred *cred, u32 secid, + const struct cred *cred, struct lsmblob *blob, enum ima_hooks func, int mask, const char *keyring) { @@ -500,7 +500,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); rc = security_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, @@ -544,7 +543,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend 
@@ -559,8 +558,9 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * list when walking it. Reads are many orders of magnitude more numerous * than writes so ima_match_policy() is classical RCU candidate. */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring) { 
@@ -576,7 +576,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, inode, cred, secid, func, mask, + if (!ima_match_rules(entry, inode, cred, blob, func, mask, keyring)) continue;
From patchwork Fri Jul 24 20:32:17 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11684335
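Review bot: in the ima_policy.c hunk at ima_match_rules() (@@ -500,7 +500,6 @@) of patch 12/23, the removed `lsmblob_init(&lsmdata, secid);` was the only statement that filled lsmdata for the LSM_SUBJ_USER/LSM_SUBJ_ROLE/LSM_SUBJ_TYPE cases, yet the unchanged next line still passes `&lsmdata` to security_filter_rule_match(), and the new `struct lsmblob *blob` parameter introduced in the @@ -430 hunk is never read anywhere in the function's hunks. The subject rules therefore match against an lsmdata that is either uninitialized or still holds the object secid from an earlier iteration of the loop, not the task's blob; the subject cases should call `rc = security_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, ...)` instead.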
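Review bot: in the ima_file_mprotect() hunk of ima_main.c in patch 12/23, the rewritten ima_get_action() call still ends on the unchanged continuation line `MMAP_CHECK, &pcr, &template, 0);`, where the final parameter is `const char *keyring`; since the call is being reflowed anyway, pass NULL for that pointer as the process_measurement() hunk in the same file does (`&template_desc, NULL`), so the literal 0 does not read as an integer argument.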
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v19 14/23] LSM: Ensure the correct LSM context releaser
Date: Fri, 24 Jul 2020 13:32:17 -0700
Message-Id: <20200724203226.16374-15-casey@schaufler-ca.com>
In-Reply-To: <20200724203226.16374-1-casey@schaufler-ca.com>

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 46e2a26089cc..b7ab206f8bb3 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2863,6 +2863,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -3159,7 +3160,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; @@ -3492,8 +3494,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); 
diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 71ee34d160c3..ad36d5fd7a84 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1272,12 +1272,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 2e2dac29a9e9..8fe09ce2eff7 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -130,8 +130,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 996ac01ee977..61d6b8a0e8f0 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2496,6 +2496,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif 
@@ -2998,8 +2999,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 84ad4404f7c1..f67e4084b893 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -131,6 +131,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
@@ -525,7 +556,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1352,7 +1383,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 31ae605fcc0a..30ba801c91bd 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; char *secdata; u32 seclen; int err; @@ -102,7 +103,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index ff381344f950..3378c773b1c1 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1188,6 +1188,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1438,15 +1439,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2116,6 +2120,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2129,7 +2134,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 82d60474098d..ac6836c1f2d3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -980,6 +980,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -997,7 +998,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1210,6 +1212,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1243,7 +1246,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1389,6 +1393,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1397,7 +1402,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 1bb60d2cfac6..6391a570f9ad 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -144,7 +145,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 380b660d0d39..1c45ca8c3c21 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -334,6 +334,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -354,7 +355,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 244c6c2c223c..fd01d778c295 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 44ce42e8c82a..c89bd87d0dae 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -398,6 +398,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info uninitialized_var(ctinfo); struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -628,8 +629,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -637,8 +640,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index f4a6204f4205..5785e6dcf54b 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index e1c9f87db64b..a6d0b6851a66 100644 --- a/security/security.c +++ b/security/security.c @@ -2227,16 +2227,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int display = lsm_task_display(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (display == LSMBLOB_INVALID || display == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
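Review bot: in the security/security.c hunk, security_release_secctx() now selects the release hook purely by cp->slot, yet every caller converted in this patch initialises the scaffolding context with slot 0, whereas the removed code selected by lsm_task_display(current) and fell through to the first registered hook when the display was LSMBLOB_INVALID. The string being released comes from security_secid_to_secctx(), which is not changed here to report which module produced it, so on a kernel where the displaying module is not in slot 0 the context is handed to slot 0's release_secctx (or to no hook at all, after which the memset() silently discards the pointer) and the producing module's release hook never runs. Until the secid_to_secctx side fills in cp->slot, the scaffolding callers should record the display slot instead of a literal 0, or security_release_secctx() should keep the display-based selection for a sentinel slot value; a WARN_ON_ONCE() when no hook matches would also make such a mismatch visible rather than leaving it as a quiet leak.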
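Review bot: in the include/linux/security.h hunk, the comment above struct lsmcontext is a plain block comment while lsmcontext_init() directly below it uses kernel-doc; please make the structure documentation kernel-doc as well (`/** * struct lsmcontext - ...` with @context, @len and @slot entries) so the new type shows up in the generated documentation alongside its initialiser. Also, the !CONFIG_SECURITY stub `static inline void security_release_secctx(struct lsmcontext *cp) { }` leaves the structure untouched, whereas the real implementation ends with `memset(cp, 0, sizeof(*cp))`; callers cannot rely on the post-release state being the same in both configurations, so either clear it in the stub too or drop the memset() from the real one.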
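Review bot: the scaffolding call sites are inconsistent in naming and comment style, which will make the later removal pass harder to grep for: the local is variously `scaff`, `context` and `lsmcxt`, the marker is written `/* scaffolding */`, `/*scaffolding*/` (include/net/scm.h, fs/nfsd/nfs4xdr.c, kernel/auditsc.c) and, in net/netlabel/netlabel_user.c, `lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/` with no space before the comment, and several sites (fs/ceph/xattr.c, kernel/auditsc.c show_special(), net/netlabel/netlabel_unlabeled.c remove_addr6) carry no marker at all. Suggest one variable name and the standard `/* scaffolding */` form at every converted call, matching the comment placed on the declaration.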