From patchwork Mon Oct 12 20:19:09 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11833739
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v21 08/23] LSM: Use lsmblob in security_task_getsecid
Date: Mon, 12 Oct 2020 13:19:09 -0700
Message-Id: <20201012201924.71463-9-casey@schaufler-ca.com>
In-Reply-To: <20201012201924.71463-1-casey@schaufler-ca.com>
References: <20201012201924.71463-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_task_getsecid() interface to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
 drivers/android/binder.c              | 12 +------
 include/linux/security.h              |  7 ++--
 kernel/audit.c                        | 16 ++++-----
 kernel/auditfilter.c                  |  4 +--
 kernel/auditsc.c                      | 25 +++++++-------
 net/netlabel/netlabel_unlabeled.c     |  5 ++-
 net/netlabel/netlabel_user.h          |  6 +++-
 security/integrity/ima/ima_appraise.c | 10 +++---
 security/integrity/ima/ima_main.c     | 49 +++++++++++++++------------
 security/security.c                   | 12 +++++--
 10 files changed, 76 insertions(+), 70 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 40e5e2f5b516..1d9b0e385cd0 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3110,20 +3110,10 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; - security_task_getsecid(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index 9dc11a8d9b60..0e58fa8e887b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -477,7 +477,7 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid(struct task_struct *p, u32 *secid); +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); 
@@ -1142,9 +1142,10 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 605f5125c844..0f7cadd5221a 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2137,19 +2137,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid(current, &sid); - if (!sid) + security_task_getsecid(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2357,6 +2350,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2367,7 +2361,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &audit_sig_sid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index e27424216159..9e73a7961665 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c 
@@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1361,8 +1360,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_isset) { - security_task_getsecid(current, &sid); - lsmblob_init(&blob, sid); + security_task_getsecid(current, &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 35d6bd0526a2..8916a13406c3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -473,7 +473,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -670,17 +669,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid(tsk, &sid); + security_task_getsecid(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -2440,12 +2431,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &context->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } 
@@ -2461,6 +2455,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2472,7 +2467,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &ctx->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2493,7 +2490,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 2ebe29ddf05e..f4a6204f4205 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c 
@@ -1557,11 +1557,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &audit_info.secid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 3c67afce64f1..438b5db6c714 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -34,7 +34,11 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index b8848f53c8cc..a782d8094984 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c 
@@ -54,14 +54,16 @@ bool is_ima_appraise_enabled(void) */ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid(current, &secid); - return ima_match_policy(inode, current_cred(), secid, func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + security_task_getsecid(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(inode, current_cred(), blob.secid[0], func, + mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 8a91711ca79b..9ad475f6fca5 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -382,12 +382,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -413,9 +414,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ 
@@ -423,9 +424,10 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - action = ima_get_action(inode, current_cred(), secid, MAY_EXEC, + /* scaffolding */ + action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ @@ -462,10 +464,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -486,10 +490,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -647,7 +652,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; if (!file && read_id == READING_FIRMWARE) { if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && 
@@ -669,9 +674,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -755,7 +761,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, } hash = {}; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (!ima_policy_flag) return; @@ -768,9 +774,10 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, * buffer measurements. */ if (func) { - security_task_getsecid(current, &secid); - action = ima_get_action(inode, current_cred(), secid, 0, func, - &pcr, &template, keyring); + security_task_getsecid(current, &blob); + /* scaffolding */ + action = ima_get_action(inode, current_cred(), blob.secid[0], + 0, func, &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } diff --git a/security/security.c b/security/security.c index b6ea2f6dab9a..6fda656e2021 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1783,10 +1783,16 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid(struct task_struct *p, u32 *secid) +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid);
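Review bot: the ima_file_mprotect() hunk in security/integrity/ima/ima_main.c changes more than the secid type. The removed line called `ima_get_action(inode, current_cred(), secid, MAY_EXEC,` and the added one calls `ima_get_action(NULL, current_cred(), blob.secid[0], 0,`, so the inode fetched one line earlier with file_inode(vma->vm_file) is no longer passed to the policy lookup and the MAY_EXEC mask is dropped. If that is deliberate it needs a sentence in the commit message and a more specific comment than `/* scaffolding */`; otherwise restore `inode` and `MAY_EXEC` and change only the secid argument, as the other ima_get_action() call in process_buffer_measurement() does.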
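Review bot: in the ima_bprm_check() hunk in security/integrity/ima/ima_main.c the declaration `u32 secid;` is kept as unchanged context while both of its uses are removed, so the function now has an unused variable and the build will warn. Every other converted function in this file deletes that declaration; drop it here too, leaving only `struct lsmblob blob;`.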
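Review bot: the `blob.secid[0]` assignments in kernel/audit.c (audit_signal_info), kernel/auditsc.c (__audit_ptrace, audit_signal_info_syscall), net/netlabel/netlabel_unlabeled.c, net/netlabel/netlabel_user.h and the IMA callers reproduce the previous behaviour only while the LSM that used to answer task_getsecid occupies slot 0. The commit message should name the later patches in the series that retire each of these scaffolds so a reviewer can confirm none is left behind, and the comments should use one wording; they currently range over "scaffolding", "scaffolding - until ... is converted", "scaffolding until ... changes" and "scaffolding the .secid[0]".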
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v21 09/23] LSM: Use lsmblob in security_inode_getsecid
Date: Mon, 12 Oct 2020 13:19:10 -0700
Message-Id: <20201012201924.71463-10-casey@schaufler-ca.com>
In-Reply-To: <20201012201924.71463-1-casey@schaufler-ca.com>
References: <20201012201924.71463-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
---
 include/linux/security.h            |  7 ++++---
 kernel/auditsc.c                    |  6 +++++-
 security/integrity/ima/ima_policy.c |  4 +---
 security/security.c                 | 11 +++++++++--
 4 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h index 0e58fa8e887b..bcea823774cc 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -435,7 +435,7 @@ int security_inode_killpriv(struct dentry *dentry); int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -958,9 +958,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 8916a13406c3..b58b0048702a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1980,13 +1980,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 6b43ac22220c..8218f68e7b96 100644 --- a/security/integrity/ima/ima_policy.c 
+++ b/security/integrity/ima/ima_policy.c @@ -499,7 +499,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule->lsm[i].rules)) { @@ -512,8 +511,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); diff --git a/security/security.c b/security/security.c index 6fda656e2021..91e51ae759b9 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1442,9 +1442,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new)
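Review bot: the commit message says data is provided for IMA and audit, but the audit_copy_inode() hunk in kernel/auditsc.c still narrows the result with `name->osid = blob.secid[0];`, so in this patch only IMA consumes the whole blob (ima_match_rules() passes `&lsmdata` straight to ima_filter_rule_match()). Please state in the commit message that audit_names.osid remains scaffolded to slot 0 and which later patch converts it.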
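Review bot: the loop added to security_inode_getsecid() in security/security.c repeats, line for line apart from the hook name, the loop that patch 08/23 added to security_task_getsecid(): lsmblob_init(blob, 0), hlist_for_each_entry over the hook head, the WARN_ON() slot-range check, then a call writing `&blob->secid[hp->lsmid->slot]`. With security_cred_getsecid() converted next, a small helper or macro taking the hook head and the per-slot pointer would keep the slot validation in one place instead of three.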
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v21 10/23] LSM: Use lsmblob in security_cred_getsecid
Date: Mon, 12 Oct 2020 13:19:11 -0700
Message-Id: <20201012201924.71463-11-casey@schaufler-ca.com>
In-Reply-To: <20201012201924.71463-1-casey@schaufler-ca.com>
References: <20201012201924.71463-1-casey@schaufler-ca.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler cc: linux-integrity@vger.kernel.org --- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 5 +++-- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 6 files changed, 36 insertions(+), 49 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index bcea823774cc..183c95b527a1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -462,7 +462,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 0f7cadd5221a..88b55b42756e 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ kuid_t audit_sig_uid = INVALID_UID; pid_t audit_sig_pid = -1; -u32 audit_sig_sid = 0; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
@@ -1442,29 +1442,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2350,7 +2342,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2361,9 +2352,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index ddc22878433d..ec0cfa7364cc 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include 
@@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; @@ -329,7 +330,7 @@ extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len); extern pid_t audit_sig_pid; extern kuid_t audit_sig_uid; -extern u32 audit_sig_sid; +extern struct lsmblob audit_sig_lsm; extern int audit_filter(int msgtype, unsigned int listtype); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b58b0048702a..b15222181700 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -113,7 +113,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -993,14 +993,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1009,9 +1009,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { 
@@ -1582,7 +1581,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1591,7 +1590,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1769,7 +1768,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2435,15 +2434,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2459,7 +2455,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2471,9 +2466,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2494,9 +2487,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 9ad475f6fca5..97b26c425ac5 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -463,7 +463,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid(current, &blob); @@ -473,9 +472,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 91e51ae759b9..ce220810e7f9 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1692,10 +1692,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
From patchwork Mon Oct 12 20:19:12 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11833763
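Review bot: the kernel/audit.c hunks of 10/23 replace the u32 global `audit_sig_sid` with `struct lsmblob audit_sig_lsm`, which audit_signal_info() now fills with `security_task_getsecid(current, &audit_sig_lsm)` while the AUDIT_SIGNAL_INFO case reads it through `lsmblob_is_set(&audit_sig_lsm)` and `security_secid_to_secctx(&audit_sig_lsm, ...)`, and neither hunk shows any serialization between the writer and the reader. A single u32 store and load cannot tear, but a multi-entry struct can, so a reader could see a blob whose slots come from two different signals. Either state in the commit message what already serializes these two paths, or copy the blob into a local before converting it, so the conversion at least works on a consistent snapshot.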
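Review bot: in the security/security.c hunk of 10/23, security_cred_getsecid() skips, after a WARN_ON, any hook whose `lsmid->slot` falls outside `[0, lsm_slot)`, and a skipped module's entry is left at the zero written by `lsmblob_init(blob, 0)`; the `lsmblob_is_set()` callers introduced in the audit hunks cannot tell that zero from "module has no label". That is fine as a precondition (every LSM that provides cred_getsecid must have registered a slot), but the hunk adds no kernel-doc comment above the function, and this is the place to say it, together with the fact that the old single-secid semantics are gone and each slot is now filled by the LSM that owns it. Please add the comment in the same hunk.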
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org
Subject: [PATCH v21 11/23] IMA: Change internal interfaces to use lsmblobs
Date: Mon, 12 Oct 2020 13:19:12 -0700
Message-Id: <20201012201924.71463-12-casey@schaufler-ca.com>
In-Reply-To: <20201012201924.71463-1-casey@schaufler-ca.com>
References: <20201012201924.71463-1-casey@schaufler-ca.com>

The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org --- security/integrity/ima/ima.h | 11 +++++---- security/integrity/ima/ima_api.c | 10 ++++---- security/integrity/ima/ima_appraise.c | 6 ++--- security/integrity/ima/ima_main.c | 35 +++++++++++---------------- security/integrity/ima/ima_policy.c | 16 ++++++------ 5 files changed, 35 insertions(+), 43 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index d7fe1d5ee8c9..81b00d07490f 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -252,9 +252,9 @@ static inline void ima_process_queued_keys(void) {} #endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */ /* LIM API function definitions */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring); int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); int ima_collect_measurement(struct integrity_iint_cache *iint, @@ -280,8 +280,9 @@ void ima_free_template_entry(struct ima_template_entry *entry); const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 4f39fb93f278..e83fa1c32843 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c 
@@ -164,7 +164,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * ima_get_action - appraise & measure decision based on policy. * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier @@ -183,16 +183,16 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * Returns IMA_MEASURE, IMA_APPRAISE mask. * */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; flags &= ima_policy_flag; - return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, + return ima_match_policy(inode, cred, blob, func, mask, flags, pcr, template_desc, keyring); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index a782d8094984..5d821527d7e9 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -60,10 +60,8 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) return 0; security_task_getsecid(current, &blob); - /* scaffolding the .secid[0] */ - return ima_match_policy(inode, current_cred(), blob.secid[0], func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, - NULL); + return ima_match_policy(inode, current_cred(), &blob, func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, 
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 97b26c425ac5..4031590b91a6 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -188,8 +188,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -212,7 +212,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(inode, cred, secid, mask, func, &pcr, + action = ima_get_action(inode, cred, blob, mask, func, &pcr, &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -386,8 +386,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -426,8 +425,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - /* scaffolding */ - action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, + action = ima_get_action(NULL, current_cred(), &blob, 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ 
@@ -466,16 +464,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -493,8 +489,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -675,9 +670,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** @@ -775,9 +769,8 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, */ if (func) { security_task_getsecid(current, &blob); - /* scaffolding */ - action = ima_get_action(inode, current_cred(), blob.secid[0], - 0, func, &pcr, &template, keyring); + action = ima_get_action(inode, current_cred(), &blob, 0, func, + &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } 
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 8218f68e7b96..0dd5730b265d 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -446,7 +446,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * @rule: a pointer to a rule * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @keyring: keyring name to check in policy for KEY_CHECK func @@ -454,7 +454,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * Returns true on rule match, false on failure. */ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, - const struct cred *cred, u32 secid, + const struct cred *cred, struct lsmblob *blob, enum ima_hooks func, int mask, const char *keyring) { @@ -519,8 +519,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); - rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); default: @@ -562,7 +561,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend 
@@ -577,8 +576,9 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * list when walking it. Reads are many orders of magnitude more numerous * than writes so ima_match_policy() is classical RCU candidate. */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring) { 
@@ -594,7 +594,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, inode, cred, secid, func, mask, + if (!ima_match_rules(entry, inode, cred, blob, func, mask, keyring)) continue;
From patchwork Mon Oct 12 20:19:14 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11833779
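Review bot: the security/integrity/ima/ima_policy.c hunk of 11/23 at ima_match_rules() removes `lsmblob_init(&lsmdata, secid);`, which is the only use of `lsmdata` visible anywhere in the diff, yet no hunk removes the `struct lsmblob lsmdata;` declaration; if that was its sole use the build now warns about an unused variable, and fails under -Werror. Drop the declaration in the same hunk. The same change also alters semantics: before, `lsmblob_init(&lsmdata, secid)` copied one secid into every slot (the comment removed in the 10/23 audit.c hunk says lsmblob_init "sets all values in the lsmblob"), whereas now `ima_filter_rule_match(blob, ...)` sees each LSM's own secid in its own slot. Worth one sentence in the commit message so anyone running more than one secid-providing LSM knows the IMA subject rules are now evaluated per LSM rather than against a single copied value.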
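Review bot: in the ima_main.c hunk of 11/23 at ima_file_mprotect(), the rewritten line `action = ima_get_action(NULL, current_cred(), &blob, 0, MMAP_CHECK, &pcr, &template, 0);` still passes the literal `0` for the final `const char *keyring` parameter; since the line is being touched anyway, make it `NULL` to match the other call sites in this series, which pass `NULL` (process_measurement()) or a real `keyring` (process_buffer_measurement()). Style only, no behaviour change.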
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-integrity@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v21 13/23] LSM: Ensure the correct LSM context releaser
Date: Mon, 12 Oct 2020 13:19:14 -0700
Message-Id: <20201012201924.71463-14-casey@schaufler-ca.com>
In-Reply-To: <20201012201924.71463-1-casey@schaufler-ca.com>
References: <20201012201924.71463-1-casey@schaufler-ca.com>

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 1d9b0e385cd0..b0d9e9fad07a 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2861,6 +2861,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -3163,7 +3164,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; @@ -3496,8 +3498,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); 
diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 3a733ac33d9b..27932f6b4cd6 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1272,12 +1272,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index f8946b9468ef..28cc7944dd17 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -131,8 +131,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 259d5ad0e3f4..0fc505392728 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2717,6 +2717,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif 
@@ -3228,8 +3229,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 183c95b527a1..818c47f02e00 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -131,6 +131,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
@@ -526,7 +557,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1353,7 +1384,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 88b55b42756e..32be5b4cc068 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1193,6 +1193,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1450,15 +1451,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2130,6 +2134,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2143,7 +2148,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b15222181700..2b06171bedeb 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -998,6 +998,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1015,7 +1016,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1228,6 +1230,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1261,7 +1264,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1407,6 +1411,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1415,7 +1420,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 2320646ca754..e64ea4eddf23 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 380b660d0d39..1c45ca8c3c21 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -334,6 +334,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -354,7 +355,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 18376e68fea6..87a70159ecc9 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index a6dbef71fc32..dcc31cb7f287 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -398,6 +398,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -628,8 +629,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -637,8 +640,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index f4a6204f4205..5785e6dcf54b 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 8b0ede277d6f..af84d3bdaf72 100644 --- a/security/security.c +++ b/security/security.c @@ -2229,16 +2229,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int display = lsm_task_display(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (display == LSMBLOB_INVALID || display == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
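Review bot: every converted caller, starting with the two binder_transaction() sites in the drivers/android/binder.c hunks, fills the slot with a literal 0 via lsmcontext_init(&scaff, secctx, secctx_sz, 0), so after this patch the release is routed to whichever module occupies slot 0 rather than to the module that allocated the string, which is exactly what the commit message says the new structure exists to record. Because the release path now matches on cp->slot exactly, a string that came from a module in another slot would be handed to the wrong release_secctx hook. The commit message should state that the hard-coded 0 is only correct while a single slotted module is built in, and name the patch in the series that replaces it with the allocating module's slot.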
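Review bot: security_release_secctx() in the security/security.c hunk has no fallback when no registered hook satisfies cp->slot == hp->lsmid->slot: the loop falls through, nothing is released, and the following memset(cp, 0, sizeof(*cp)) then wipes the pointer, so a string allocated by a module that frees per use, such as SELinux, would leak silently with no trace left for later debugging. The removed code at least had the display == LSMBLOB_INVALID case to fall back on. Consider a WARN_ONCE() (or at minimum a comment) for the no-match case, and move the memset inside the matched branch so an unreleased context stays visible to the caller instead of being zeroed.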
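Review bot: in the include/linux/security.h hunk the comment on struct lsmcontext documents context and slot but says nothing about len, in particular whether it counts a terminating NUL; that matters because callers such as scm_passec() in the include/net/scm.h hunk pass the same length straight to put_cmsg() as the payload size. A one-line comment on len, in the kernel-doc form already used for lsmcontext_init(), would settle it.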
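Review bot: `lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/` in the net/netlabel/netlabel_user.c hunk has no space before the comment and none inside it, and the same unspaced /*scaffolding*/ appears in the fs/nfsd/nfs4xdr.c, include/net/scm.h and kernel/auditsc.c hunks, while the remaining sites use /* scaffolding */. Use the spaced form everywhere so the markers can be removed with one grep when the temporary initialisers go, and likewise settle on one name (scaff, context and lsmcxt are all used for the same local in this patch).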