From patchwork Fri Nov 20 20:14:45 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11922091
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v23 01/23] LSM: Infrastructure management of the sock security
Date: Fri, 20 Nov 2020 12:14:45 -0800
Message-Id: <20201120201507.11993-2-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>
X-Mailing-List: selinux@vger.kernel.org

Move management of the sock->sk_security blob out of the individual
security modules and into the security infrastructure. Instead of
allocating the blobs from within the modules the modules tell the
infrastructure how much space is required, and the space is allocated
there.

Acked-by: Paul Moore
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 1 + security/apparmor/include/net.h | 6 ++- security/apparmor/lsm.c | 38 ++++----------- security/security.c | 36 +++++++++++++- security/selinux/hooks.c | 78 +++++++++++++++---------------- security/selinux/include/objsec.h | 5 ++ security/selinux/netlabel.c | 23 ++++----- security/smack/smack.h | 5 ++ security/smack/smack_lsm.c | 66 ++++++++++++-------------- security/smack/smack_netfilter.c | 8 ++-- 10 files changed, 145 insertions(+), 121 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index c503f7ab8afb..d8f492ed6ebf 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1563,6 +1563,7 @@ struct lsm_blob_sizes { int lbs_cred; int lbs_file; int lbs_inode; + int lbs_sock; int lbs_ipc; int lbs_msg_msg; int lbs_task; diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h index 2431c011800d..5b6f52c62058 100644 --- a/security/apparmor/include/net.h +++ b/security/apparmor/include/net.h @@ -51,7 +51,11 @@ struct aa_sk_ctx { struct aa_label *peer; }; -#define SK_CTX(X) ((X)->sk_security) +static inline struct aa_sk_ctx *aa_sock(const struct sock *sk) +{ + return sk->sk_security + apparmor_blob_sizes.lbs_sock; +} + #define SOCK_ctx(X) SOCK_INODE(X)->i_security #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \ struct lsm_network_audit NAME ## _net = { .sk = (SK), \ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ffeaee5ed968..f1c365905d5e 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -766,33 +766,15 @@ static int apparmor_task_kill(struct task_struct *target, struct kernel_siginfo return error; } -/** - * apparmor_sk_alloc_security - allocate and attach the sk_security field - */ -static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags) -{ - struct aa_sk_ctx *ctx; - - ctx = kzalloc(sizeof(*ctx), flags); - if (!ctx) - return -ENOMEM; - - SK_CTX(sk) = ctx; - - return 0; -} - /** * apparmor_sk_free_security - free the sk_security field */ static void apparmor_sk_free_security(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); - SK_CTX(sk) = NULL; aa_put_label(ctx->label); aa_put_label(ctx->peer); - kfree(ctx); } /** @@ -801,8 +783,8 @@ static void apparmor_sk_free_security(struct sock *sk) static void apparmor_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); - struct aa_sk_ctx *new = SK_CTX(newsk); + struct aa_sk_ctx *ctx = aa_sock(sk); + struct aa_sk_ctx *new = aa_sock(newsk); if (new->label) aa_put_label(new->label); @@ -858,7 +840,7 @@ static int apparmor_socket_post_create(struct socket *sock, int family, label = aa_get_current_label(); if (sock->sk) { - struct aa_sk_ctx *ctx = SK_CTX(sock->sk); + struct aa_sk_ctx *ctx = aa_sock(sock->sk); aa_put_label(ctx->label); ctx->label = aa_get_label(label); @@ -1043,7 +1025,7 @@ static int apparmor_socket_shutdown(struct socket *sock, int how) */ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1056,7 +1038,7 @@ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) static struct aa_label *sk_peer_label(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (ctx->peer) return ctx->peer; 
@@ -1140,7 +1122,7 @@ static int apparmor_socket_getpeersec_dgram(struct socket *sock, */ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!ctx->label) ctx->label = aa_get_current_label(); @@ -1150,7 +1132,7 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) static int apparmor_inet_conn_request(struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1167,6 +1149,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct aa_task_ctx *), .lbs_file = sizeof(struct aa_file_ctx), .lbs_task = sizeof(struct aa_task_ctx), + .lbs_sock = sizeof(struct aa_sk_ctx), }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { @@ -1203,7 +1186,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(getprocattr, apparmor_getprocattr), LSM_HOOK_INIT(setprocattr, apparmor_setprocattr), - LSM_HOOK_INIT(sk_alloc_security, apparmor_sk_alloc_security), LSM_HOOK_INIT(sk_free_security, apparmor_sk_free_security), LSM_HOOK_INIT(sk_clone_security, apparmor_sk_clone_security), @@ -1754,7 +1736,7 @@ static unsigned int apparmor_ip_postroute(void *priv, if (sk == NULL) return NF_ACCEPT; - ctx = SK_CTX(sk); + ctx = aa_sock(sk); if (!apparmor_secmark_check(ctx->label, OP_SENDMSG, AA_MAY_SEND, skb->secmark, sk)) return NF_ACCEPT; diff --git a/security/security.c b/security/security.c index a28045dc9e7f..5da8b3643680 100644 --- a/security/security.c +++ b/security/security.c @@ -29,6 +29,7 @@ #include #include #include +#include #define MAX_LSM_EVM_XATTR 2 
@@ -202,6 +203,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); + lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); } @@ -337,6 +339,7 @@ static void __init ordered_lsm_init(void) init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); + init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); /* @@ -655,6 +658,28 @@ static int lsm_msg_msg_alloc(struct msg_msg *mp) return 0; } +/** + * lsm_sock_alloc - allocate a composite sock blob + * @sock: the sock that needs a blob + * @priority: allocation mode + * + * Allocate the sock blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +static int lsm_sock_alloc(struct sock *sock, gfp_t priority) +{ + if (blob_sizes.lbs_sock == 0) { + sock->sk_security = NULL; + return 0; + } + + sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority); + if (sock->sk_security == NULL) + return -ENOMEM; + return 0; +} + /** * lsm_early_task - during initialization allocate a composite task blob * @task: the task that needs a blob 
@@ -2193,12 +2218,21 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram); int security_sk_alloc(struct sock *sk, int family, gfp_t priority) { - return call_int_hook(sk_alloc_security, 0, sk, family, priority); + int rc = lsm_sock_alloc(sk, priority); + + if (unlikely(rc)) + return rc; + rc = call_int_hook(sk_alloc_security, 0, sk, family, priority); + if (unlikely(rc)) + security_sk_free(sk); + return rc; } void security_sk_free(struct sock *sk) { call_void_hook(sk_free_security, sk); + kfree(sk->sk_security); + sk->sk_security = NULL; } void security_sk_clone(const struct sock *sk, struct sock *newsk) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 6b1826fc3658..2748281a5cca 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4476,7 +4476,7 @@ static int socket_sockcreate_sid(const struct task_security_struct *tsec, static int sock_has_perm(struct sock *sk, u32 perms) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -4533,7 +4533,7 @@ static int selinux_socket_post_create(struct socket *sock, int family, isec->initialized = LABEL_INITIALIZED; if (sock->sk) { - sksec = sock->sk->sk_security; + sksec = selinux_sock(sock->sk); sksec->sclass = sclass; sksec->sid = sid; /* Allows detection of the first association on this socket */ @@ -4549,8 +4549,8 @@ static int selinux_socket_post_create(struct socket *sock, int family, static int selinux_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct sk_security_struct *sksec_a = socka->sk->sk_security; - struct sk_security_struct *sksec_b = sockb->sk->sk_security; + struct sk_security_struct *sksec_a = selinux_sock(socka->sk); + struct sk_security_struct *sksec_b = selinux_sock(sockb->sk); sksec_a->peer_sid = sksec_b->sid; sksec_b->peer_sid = sksec_a->sid; 
@@ -4565,7 +4565,7 @@ static int selinux_socket_socketpair(struct socket *socka, static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family; int err; @@ -4700,7 +4700,7 @@ static int selinux_socket_connect_helper(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; err = sock_has_perm(sk, SOCKET__CONNECT); @@ -4879,9 +4879,9 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) { - struct sk_security_struct *sksec_sock = sock->sk_security; - struct sk_security_struct *sksec_other = other->sk_security; - struct sk_security_struct *sksec_new = newsk->sk_security; + struct sk_security_struct *sksec_sock = selinux_sock(sock); + struct sk_security_struct *sksec_other = selinux_sock(other); + struct sk_security_struct *sksec_new = selinux_sock(newsk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; int err; @@ -4913,8 +4913,8 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, static int selinux_socket_unix_may_send(struct socket *sock, struct socket *other) { - struct sk_security_struct *ssec = sock->sk->sk_security; - struct sk_security_struct *osec = other->sk->sk_security; + struct sk_security_struct *ssec = selinux_sock(sock->sk); + struct sk_security_struct *osec = selinux_sock(other->sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; 
@@ -4956,7 +4956,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, u16 family) { int err = 0; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u32 sk_sid = sksec->sid; struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -4989,7 +4989,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { int err; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family = sk->sk_family; u32 sk_sid = sksec->sid; struct common_audit_data ad; @@ -5057,13 +5057,15 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; } -static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval, - int __user *optlen, unsigned len) +static int selinux_socket_getpeersec_stream(struct socket *sock, + char __user *optval, + int __user *optlen, + unsigned int len) { int err = 0; char *scontext; u32 scontext_len; - struct sk_security_struct *sksec = sock->sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sock->sk); u32 peer_sid = SECSID_NULL; if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET || 
@@ -5123,34 +5125,27 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) { - struct sk_security_struct *sksec; - - sksec = kzalloc(sizeof(*sksec), priority); - if (!sksec) - return -ENOMEM; + struct sk_security_struct *sksec = selinux_sock(sk); sksec->peer_sid = SECINITSID_UNLABELED; sksec->sid = SECINITSID_UNLABELED; sksec->sclass = SECCLASS_SOCKET; selinux_netlbl_sk_security_reset(sksec); - sk->sk_security = sksec; return 0; } static void selinux_sk_free_security(struct sock *sk) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); - sk->sk_security = NULL; selinux_netlbl_sk_security_free(sksec); - kfree(sksec); } static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = sksec->sid; newsksec->peer_sid = sksec->peer_sid; @@ -5164,7 +5159,7 @@ static void selinux_sk_getsecid(struct sock *sk, u32 *secid) if (!sk) *secid = SECINITSID_ANY_SOCKET; else { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); *secid = sksec->sid; } @@ -5174,7 +5169,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent) { struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(parent)); - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || sk->sk_family == PF_UNIX) 
@@ -5189,7 +5184,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent) static int selinux_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb) { - struct sk_security_struct *sksec = ep->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(ep->base.sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; u8 peerlbl_active; @@ -5340,8 +5335,8 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname, static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); /* If policy does not support SECCLASS_SCTP_SOCKET then call * the non-sctp clone version. @@ -5358,7 +5353,7 @@ static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; u16 family = req->rsk_ops->family; u32 connsid; @@ -5379,7 +5374,7 @@ static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb, static void selinux_inet_csk_clone(struct sock *newsk, const struct request_sock *req) { - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = req->secid; newsksec->peer_sid = req->peer_secid; 
@@ -5396,7 +5391,7 @@ static void selinux_inet_csk_clone(struct sock *newsk, static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) { u16 family = sk->sk_family; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* handle mapped IPv4 packets arriving via IPv6 sockets */ if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) @@ -5480,7 +5475,7 @@ static int selinux_tun_dev_attach_queue(void *security) static int selinux_tun_dev_attach(struct sock *sk, void *security) { struct tun_security_struct *tunsec = security; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* we don't currently perform any NetLabel based labeling here and it * isn't clear that we would want to do so anyway; while we could apply @@ -5624,7 +5619,7 @@ static unsigned int selinux_ip_output(struct sk_buff *skb, return NF_ACCEPT; /* standard practice, label using the parent socket */ - sksec = sk->sk_security; + sksec = selinux_sock(sk); sid = sksec->sid; } else sid = SECINITSID_KERNEL; @@ -5663,7 +5658,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, if (sk == NULL) return NF_ACCEPT; - sksec = sk->sk_security; + sksec = selinux_sock(sk); ad.type = LSM_AUDIT_DATA_NET; ad.u.net = &net; @@ -5755,7 +5750,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, u32 skb_sid; struct sk_security_struct *sksec; - sksec = sk->sk_security; + sksec = selinux_sock(sk); if (selinux_skb_peerlbl_sid(skb, family, &skb_sid)) return NF_DROP; /* At this point, if the returned skb peerlbl is SECSID_NULL 
@@ -5784,7 +5779,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, } else { /* Locally generated packet, fetch the security label from the * associated socket. */ - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); peer_sid = sksec->sid; secmark_perm = PACKET__SEND; } @@ -5849,7 +5844,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) unsigned int data_len = skb->len; unsigned char *data = skb->data; struct nlmsghdr *nlh; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 sclass = sksec->sclass; u32 perm; @@ -6874,6 +6869,7 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_security_struct), .lbs_ipc = sizeof(struct ipc_security_struct), .lbs_msg_msg = sizeof(struct msg_security_struct), + .lbs_sock = sizeof(struct sk_security_struct), }; #ifdef CONFIG_PERF_EVENTS diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 330b7b6d44e0..9ca41988281f 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -189,4 +189,9 @@ static inline u32 current_sid(void) return tsec->sid; } +static inline struct sk_security_struct *selinux_sock(const struct sock *sock) +{ + return sock->sk_security + selinux_blob_sizes.lbs_sock; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index abaab7683840..6a94b31b5472 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include 
@@ -67,7 +68,7 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb, static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (sksec->nlbl_secattr != NULL) @@ -100,7 +101,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( const struct sock *sk, u32 sid) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr = sksec->nlbl_secattr; if (secattr == NULL) @@ -235,7 +236,7 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, * being labeled by it's parent socket, if it is just exit */ sk = skb_to_full_sk(skb); if (sk != NULL) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB) return 0; @@ -273,7 +274,7 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep, { int rc; struct netlbl_lsm_secattr secattr; - struct sk_security_struct *sksec = ep->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(ep->base.sk); struct sockaddr_in addr4; struct sockaddr_in6 addr6; @@ -352,7 +353,7 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family) */ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (family == PF_INET) sksec->nlbl_state = NLBL_LABELED; 
@@ -370,8 +371,8 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) */ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->nlbl_state = sksec->nlbl_state; } @@ -389,7 +390,7 @@ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (family != PF_INET && family != PF_INET6) @@ -504,7 +505,7 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock, { int rc = 0; struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr secattr; if (selinux_netlbl_option(level, optname) && @@ -542,7 +543,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, struct sockaddr *addr) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; /* connected sockets are allowed to disconnect when the address family @@ -581,7 +582,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, int selinux_netlbl_socket_connect_locked(struct sock *sk, struct sockaddr *addr) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB && sksec->nlbl_state != NLBL_CONNLABELED) diff --git a/security/smack/smack.h b/security/smack/smack.h index a9768b12716b..0f8d0feb89a4 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h 
@@ -357,6 +357,11 @@ static inline struct smack_known **smack_ipc(const struct kern_ipc_perm *ipc) return ipc->security + smack_blob_sizes.lbs_ipc; } +static inline struct socket_smack *smack_sock(const struct sock *sock) +{ + return sock->sk_security + smack_blob_sizes.lbs_sock; +} + /* * Is the directory transmuting? */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 5c90b9fa4d40..ca4a6c862732 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1444,7 +1444,7 @@ static int smack_inode_getsecurity(struct inode *inode, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) isp = ssp->smk_in; @@ -1826,7 +1826,7 @@ static int smack_file_receive(struct file *file) if (inode->i_sb->s_magic == SOCKFS_MAGIC) { sock = SOCKET_I(inode); - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the @@ -2233,11 +2233,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) { struct smack_known *skp = smk_of_current(); - struct socket_smack *ssp; - - ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); - if (ssp == NULL) - return -ENOMEM; + struct socket_smack *ssp = smack_sock(sk); /* * Sockets created by kernel threads receive web label. @@ -2251,11 +2247,10 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) } ssp->smk_packet = NULL; - sk->sk_security = ssp; - return 0; } +#ifdef SMACK_IPV6_PORT_LABELING /** * smack_sk_free_security - Free a socket blob * @sk: the socket 
@@ -2264,7 +2259,6 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) */ static void smack_sk_free_security(struct sock *sk) { -#ifdef SMACK_IPV6_PORT_LABELING struct smk_port_label *spp; if (sk->sk_family == PF_INET6) { @@ -2277,9 +2271,8 @@ static void smack_sk_free_security(struct sock *sk) } rcu_read_unlock(); } -#endif - kfree(sk->sk_security); } +#endif /** * smack_ipv4host_label - check host based restrictions @@ -2392,7 +2385,7 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) */ static int smack_netlbl_add(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = ssp->smk_out; int rc; @@ -2424,7 +2417,7 @@ static int smack_netlbl_add(struct sock *sk) */ static void smack_netlbl_delete(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); /* * Take the label off the socket if one is set. @@ -2456,7 +2449,7 @@ static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) struct smack_known *skp; int rc = 0; struct smack_known *hkp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smk_audit_info ad; rcu_read_lock(); @@ -2529,7 +2522,7 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) { struct sock *sk = sock->sk; struct sockaddr_in6 *addr6; - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smk_port_label *spp; unsigned short port = 0; @@ -2618,7 +2611,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, int act) { struct smk_port_label *spp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; unsigned short port; struct smack_known *object; 
@@ -2711,7 +2704,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) ssp->smk_in = skp; @@ -2759,7 +2752,7 @@ static int smack_socket_post_create(struct socket *sock, int family, * Sockets created by kernel threads receive web label. */ if (unlikely(current->flags & PF_KTHREAD)) { - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); ssp->smk_in = &smack_known_web; ssp->smk_out = &smack_known_web; } @@ -2784,8 +2777,8 @@ static int smack_socket_post_create(struct socket *sock, int family, static int smack_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct socket_smack *asp = socka->sk->sk_security; - struct socket_smack *bsp = sockb->sk->sk_security; + struct socket_smack *asp = smack_sock(socka->sk); + struct socket_smack *bsp = smack_sock(sockb->sk); asp->smk_packet = bsp->smk_out; bsp->smk_packet = asp->smk_out; @@ -2848,7 +2841,7 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) rsp = smack_ipv6host_label(sip); if (rsp != NULL) { - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); rc = smk_ipv6_check(ssp->smk_out, rsp, sip, SMK_CONNECTING); @@ -3576,9 +3569,9 @@ static int smack_unix_stream_connect(struct sock *sock, { struct smack_known *skp; struct smack_known *okp; - struct socket_smack *ssp = sock->sk_security; - struct socket_smack *osp = other->sk_security; - struct socket_smack *nsp = newsk->sk_security; + struct socket_smack *ssp = smack_sock(sock); + struct socket_smack *osp = smack_sock(other); + struct socket_smack *nsp = smack_sock(newsk); struct smk_audit_info ad; int rc = 0; #ifdef CONFIG_AUDIT 
@@ -3624,8 +3617,8 @@ static int smack_unix_stream_connect(struct sock *sock, */ static int smack_unix_may_send(struct socket *sock, struct socket *other) { - struct socket_smack *ssp = sock->sk->sk_security; - struct socket_smack *osp = other->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); + struct socket_smack *osp = smack_sock(other->sk); struct smk_audit_info ad; int rc; @@ -3662,7 +3655,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; #endif #ifdef SMACK_IPV6_SECMARK_LABELING - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smack_known *rsp; #endif int rc = 0; @@ -3875,7 +3868,7 @@ static struct smack_known *smack_from_netlbl(struct sock *sk, u16 family, netlbl_secattr_init(&secattr); if (sk) - ssp = sk->sk_security; + ssp = smack_sock(sk); if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { skp = smack_from_secattr(&secattr, ssp); @@ -3897,7 +3890,7 @@ static struct smack_known *smack_from_netlbl(struct sock *sk, u16 family, */ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; int rc = 0; struct smk_audit_info ad; @@ -4001,7 +3994,7 @@ static int smack_socket_getpeersec_stream(struct socket *sock, int slen = 1; int rc = 0; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (ssp->smk_packet != NULL) { rcp = ssp->smk_packet->smk_known; slen = strlen(rcp) + 1; @@ -4050,7 +4043,7 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, switch (family) { case PF_UNIX: - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); s = ssp->smk_out->smk_secid; break; case PF_INET: 
@@ -4099,7 +4092,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) return; - ssp = sk->sk_security; + ssp = smack_sock(sk); ssp->smk_in = skp; ssp->smk_out = skp; /* cssp->smk_packet is already set in smack_inet_csk_clone() */ @@ -4119,7 +4112,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, { u16 family = sk->sk_family; struct smack_known *skp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct sockaddr_in addr; struct iphdr *hdr; struct smack_known *hskp; @@ -4205,7 +4198,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, static void smack_inet_csk_clone(struct sock *sk, const struct request_sock *req) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp; if (req->peer_secid != 0) { @@ -4697,6 +4690,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_smack), .lbs_ipc = sizeof(struct smack_known *), .lbs_msg_msg = sizeof(struct smack_known *), + .lbs_sock = sizeof(struct socket_smack), }; static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { @@ -4806,7 +4800,9 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), +#ifdef SMACK_IPV6_PORT_LABELING LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), +#endif LSM_HOOK_INIT(sock_graft, smack_sock_graft), LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index fc7399b45373..635e2339579e 100644 --- a/security/smack/smack_netfilter.c 
+++ b/security/smack/smack_netfilter.c @@ -28,8 +28,8 @@ static unsigned int smack_ipv6_output(void *priv, struct socket_smack *ssp; struct smack_known *skp; - if (sk && sk->sk_security) { - ssp = sk->sk_security; + if (sk && smack_sock(sk)) { + ssp = smack_sock(sk); skp = ssp->smk_out; skb->secmark = skp->smk_secid; } 
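Review bot: in smack_ipv6_output (and the identical smack_ipv4_output hunk that follows) `if (sk && smack_sock(sk))` no longer guards against a missing blob. smack_sock() is defined above as `sock->sk_security + smack_blob_sizes.lbs_sock`, so for a sock with `sk_security == NULL` it returns NULL only when Smack's offset into the blob happens to be 0; with any other offset the test passes and `ssp->smk_out` dereferences a bogus pointer. Keep `if (sk && sk->sk_security)` as the condition and call smack_sock(sk) inside it, or, if every sock reaching these hooks is guaranteed a blob, drop the second half of the test and say so in the commit message.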
@@ -46,8 +46,8 @@ static unsigned int smack_ipv4_output(void *priv, struct socket_smack *ssp; struct smack_known *skp; - if (sk && sk->sk_security) { - ssp = sk->sk_security; + if (sk && smack_sock(sk)) { + ssp = smack_sock(sk); skp = ssp->smk_out; skb->secmark = skp->smk_secid; } From patchwork Fri Nov 20 20:14:46 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922093 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH v23 02/23] LSM: Create and manage the lsmblob data structure. Date: Fri, 20 Nov 2020 12:14:46 -0800 Message-Id: <20201120201507.11993-3-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org When more than one security module is exporting data to audit and networking sub-systems a single 32 bit integer is no longer sufficient to represent the data. Add a structure to be used instead. The lsmblob structure is currently an array of u32 "secids". There is an entry for each of the security modules built into the system that would use secids if active. The system assigns the module a "slot" when it registers hooks. If modules are compiled in but not registered there will be unused slots. A new lsm_id structure, which contains the name of the LSM and its slot number, is created. There is an instance for each LSM, which assigns the name and passes it to the infrastructure to set the slot. The audit rules data is expanded to use an array of security module data rather than a single instance. Because IMA uses the audit rule functions it is affected as well. Acked-by: Stephen Smalley Acked-by: Paul Moore Acked-by: John Johansen 
Signed-off-by: Casey Schaufler Cc: Cc: linux-audit@redhat.com Cc: linux-security-module@vger.kernel.org Cc: selinux@vger.kernel.org --- include/linux/audit.h | 4 +- include/linux/lsm_hooks.h | 12 ++++- include/linux/security.h | 67 +++++++++++++++++++++++++-- kernel/auditfilter.c | 24 +++++----- kernel/auditsc.c | 12 ++--- security/apparmor/lsm.c | 7 ++- security/bpf/hooks.c | 12 ++++- security/commoncap.c | 7 ++- security/integrity/ima/ima_policy.c | 40 +++++++++++----- security/loadpin/loadpin.c | 8 +++- security/lockdown/lockdown.c | 7 ++- security/safesetid/lsm.c | 8 +++- security/security.c | 72 ++++++++++++++++++++++++----- security/selinux/hooks.c | 8 +++- security/smack/smack_lsm.c | 7 ++- security/tomoyo/tomoyo.c | 8 +++- security/yama/yama_lsm.c | 7 ++- 17 files changed, 254 insertions(+), 56 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index b3d859831a31..ba1cd38d601b 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -11,6 +11,7 @@ #include #include +#include #include #include @@ -65,8 +66,9 @@ struct audit_field { kuid_t uid; kgid_t gid; struct { + bool lsm_isset; char *lsm_str; - void *lsm_rule; + void *lsm_rules[LSMBLOB_ENTRIES]; }; }; u32 op; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index d8f492ed6ebf..fe9203f15993 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1545,6 +1545,14 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/* + * Information that identifies a security module. + */ +struct lsm_id { + const char *lsm; /* Name of the LSM */ + int slot; /* Slot in lsmblob if one is allocated */ +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. @@ -1553,7 +1561,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - char *lsm; + struct lsm_id *lsmid; } __randomize_layout; /* 
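Review bot: the new `bool lsm_isset` added to struct audit_field duplicates information already in `lsm_rules[]`: a field carries an LSM rule exactly when some slot is non-NULL, which is how the IMA half of this same patch answers the question with ima_lsm_isset(). Either reuse that approach here and drop the flag, or explain in the commit message why audit needs a separately maintained boolean; two mechanisms for one predicate tend to drift apart.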
@@ -1588,7 +1596,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm); + struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) diff --git a/include/linux/security.h b/include/linux/security.h index bc2725491560..fdb6e95c98e8 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -132,6 +132,65 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * Data exported by the security modules + * + * Any LSM that provides secid or secctx based hooks must be included. + */ +#define LSMBLOB_ENTRIES ( \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0)) + +struct lsmblob { + u32 secid[LSMBLOB_ENTRIES]; +}; + +#define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ +#define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ +#define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ + +/** + * lsmblob_init - initialize an lsmblob structure. + * @blob: Pointer to the data to initialize + * @secid: The initial secid value + * + * Set all secid for all modules to the specified value. + */ +static inline void lsmblob_init(struct lsmblob *blob, u32 secid) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + blob->secid[i] = secid; +} + +/** + * lsmblob_is_set - report if there is an value in the lsmblob + * @blob: Pointer to the exported LSM data + * + * Returns true if there is a secid set, false otherwise + */ +static inline bool lsmblob_is_set(struct lsmblob *blob) +{ + struct lsmblob empty = {}; + + return !!memcmp(blob, &empty, sizeof(*blob)); +} + +/** + * lsmblob_equal - report if the two lsmblob's are equal + * @bloba: Pointer to one LSM data + * @blobb: Pointer to the other LSM data + * + * Returns true if all entries in the two are equal, false otherwise + */ +static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) +{ + return !memcmp(bloba, blobb, sizeof(*bloba)); +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); 
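Review bot: LSMBLOB_ENTRIES evaluates to 0 when none of SELinux, Smack, AppArmor or BPF LSM is built, which turns `u32 secid[LSMBLOB_ENTRIES]`, audit's `void *lsm_rules[LSMBLOB_ENTRIES]` and IMA's `rules[LSMBLOB_ENTRIES]` into zero-length arrays and makes lsmblob_is_set() a memcmp over zero bytes. If that configuration is meant to work, say so next to the macro; if not, guard it (a BUILD_BUG_ON in security.c, or a `#if LSMBLOB_ENTRIES == 0 #error`). Two smaller things in the same hunk: lsmblob_is_set() and lsmblob_equal() only read their arguments, so the parameters should be `const struct lsmblob *`, and the lsmblob_is_set kerneldoc has "an value".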
@@ -1833,8 +1892,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_SECURITY int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); -void security_audit_rule_free(void *lsmrule); +int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule); +void security_audit_rule_free(void **lsmrule); #else @@ -1850,12 +1909,12 @@ static inline int security_audit_rule_known(struct audit_krule *krule) } static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) + void **lsmrule) { return 0; } -static inline void security_audit_rule_free(void *lsmrule) +static inline void security_audit_rule_free(void **lsmrule) { } #endif /* CONFIG_SECURITY */ diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 333b3bcfc545..45da229f9f1f 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -74,7 +74,7 @@ static void audit_free_lsm_field(struct audit_field *f) case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: kfree(f->lsm_str); - security_audit_rule_free(f->lsm_rule); + security_audit_rule_free(f->lsm_rules); } } @@ -519,9 +519,10 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, goto exit_free; } entry->rule.buflen += f_val; + f->lsm_isset = true; f->lsm_str = str; err = security_audit_rule_init(f->type, f->op, str, - (void **)&f->lsm_rule); + f->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (err == -EINVAL) { 
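Review bot: `f->lsm_isset = true` is set before security_audit_rule_init() has run, and the `err == -EINVAL` path right below keeps the field around with lsm_isset still true and every lsm_rules[] slot NULL. Before this patch `if (f->lsm_rule)` in audit_filter() and audit_filter_rules() silently skipped such a not-yet-valid field; now security_audit_rule_match() is called with an all-NULL array and its per-LSM loop must cope with NULL slots or these rules will warn or fail to match until a policy reload. Setting lsm_isset only when err == 0 (and clearing it in the -EINVAL branch, with audit_update_lsm_rules() setting it again once the re-init succeeds) restores the old behaviour.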
@@ -774,7 +775,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) return 0; } -/* Duplicate LSM field information. The lsm_rule is opaque, so must be +/* Duplicate LSM field information. The lsm_rules is opaque, so must be * re-initialized. */ static inline int audit_dupe_lsm_field(struct audit_field *df, struct audit_field *sf) @@ -788,9 +789,9 @@ static inline int audit_dupe_lsm_field(struct audit_field *df, return -ENOMEM; df->lsm_str = lsm_str; - /* our own (refreshed) copy of lsm_rule */ + /* our own (refreshed) copy of lsm_rules */ ret = security_audit_rule_init(df->type, df->op, df->lsm_str, - (void **)&df->lsm_rule); + df->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (ret == -EINVAL) { @@ -842,7 +843,7 @@ struct audit_entry *audit_dupe_rule(struct audit_krule *old) new->tree = old->tree; memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount); - /* deep copy this information, updating the lsm_rule fields, because + /* deep copy this information, updating the lsm_rules fields, because * the originals will all be freed when the old rule is freed. */ for (i = 0; i < fcount; i++) { switch (new->fields[i].type) { @@ -1358,10 +1359,11 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: - if (f->lsm_rule) { + if (f->lsm_isset) { security_task_getsecid(current, &sid); result = security_audit_rule_match(sid, - f->type, f->op, f->lsm_rule); + f->type, f->op, + f->lsm_rules); } break; case AUDIT_EXE: @@ -1388,7 +1390,7 @@ int audit_filter(int msgtype, unsigned int listtype) return ret; } -static int update_lsm_rule(struct audit_krule *r) +static int update_lsm_rules(struct audit_krule *r) { struct audit_entry *entry = container_of(r, struct audit_entry, rule); struct audit_entry *nentry; 
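Review bot: the update_lsm_rule to update_lsm_rules rename and the three comment rewordings from `lsm_rule` to `lsm_rules` in auditfilter.c are cosmetic churn unrelated to the functional change and make the hunks harder to review; keep the function name and touch only the comments that now describe an array, or split the rename into its own patch. If the comments do stay, "The lsm_rules is opaque" should read "The lsm_rules are opaque".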
@@ -1420,7 +1422,7 @@ static int update_lsm_rule(struct audit_krule *r) return err; } -/* This function will re-initialize the lsm_rule field of all applicable rules. +/* This function will re-initialize the lsm_rules field of all applicable rules. * It will traverse the filter lists serarching for rules that contain LSM * specific filter fields. When such a rule is found, it is copied, the * LSM field is re-initialized, and the old rule is replaced with the @@ -1435,7 +1437,7 @@ int audit_update_lsm_rules(void) for (i = 0; i < AUDIT_NR_FILTERS; i++) { list_for_each_entry_safe(r, n, &audit_rules_list[i], list) { - int res = update_lsm_rule(r); + int res = update_lsm_rules(r); if (!err) err = res; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 8dba8f0983b5..16e3430f7d07 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -667,14 +667,14 @@ static int audit_filter_rules(struct task_struct *tsk, match for now to avoid losing information that may be wanted. An error message will also be logged upon error */ - if (f->lsm_rule) { + if (f->lsm_isset) { if (need_sid) { security_task_getsecid(tsk, &sid); need_sid = 0; } result = security_audit_rule_match(sid, f->type, f->op, - f->lsm_rule); + f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -684,21 +684,21 @@ static int audit_filter_rules(struct task_struct *tsk, case AUDIT_OBJ_LEV_HIGH: /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR also applies here */ - if (f->lsm_rule) { + if (f->lsm_isset) { /* Find files that match */ if (name) { result = security_audit_rule_match( name->osid, f->type, f->op, - f->lsm_rule); + f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { if (security_audit_rule_match( n->osid, f->type, f->op, - f->lsm_rule)) { + f->lsm_rules)) { ++result; break; } @@ -709,7 +709,7 @@ static int audit_filter_rules(struct task_struct *tsk, break; if (security_audit_rule_match(ctx->ipc.osid, f->type, f->op, - f->lsm_rule)) + f->lsm_rules)) ++result; } break; 
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index f1c365905d5e..432915c1d427 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1152,6 +1152,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_sock = sizeof(struct aa_sk_ctx), }; +static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { + .lsm = "apparmor", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1852,7 +1857,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index 788667d582ae..a1a5032a4d87 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -14,9 +14,19 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(inode_free_security, bpf_inode_storage_free), }; +/* + * slot has to be LSMBLOB_NEEDED because some of the hooks + * supplied by this module require a slot. + */ +struct lsm_id bpf_lsmid __lsm_ro_after_init = { + .lsm = "bpf", + .slot = LSMBLOB_NEEDED +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index 59bf3c1674c8..959a9f96b7f1 100644 --- a/security/commoncap.c +++ b/security/commoncap.c 
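Review bot: `bpf_lsmid` in security/bpf/hooks.c is the only lsm_id in this patch declared without `static`, and no header in the diffstat declares it. If nothing outside hooks.c needs it, make it static like apparmor_lsmid and the others; if a later patch will reference it, add the extern declaration alongside so sparse does not flag a symbol with no prior declaration.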
@@ -1341,6 +1341,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +static struct lsm_id capability_lsmid __lsm_ro_after_init = { + .lsm = "capability", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1365,7 +1370,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 9b5adeaa47fc..cd393aaa17d5 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -79,7 +79,7 @@ struct ima_rule_entry { bool (*fowner_op)(kuid_t, kuid_t); /* uid_eq(), uid_gt(), uid_lt() */ int pcr; struct { - void *rule; /* LSM file metadata specific */ + void *rules[LSMBLOB_ENTRIES]; /* LSM file metadata specific */ char *args_p; /* audit value */ int type; /* audit type */ } lsm[MAX_LSM_RULES]; @@ -88,6 +88,22 @@ struct ima_rule_entry { struct ima_template_desc *template; }; +/** + * ima_lsm_isset - Is a rule set for any of the active security modules + * @rules: The set of IMA rules to check. + * + * If a rule is set for any LSM return true, otherwise return false. + */ +static inline bool ima_lsm_isset(void *rules[]) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + if (rules[i]) + return true; + return false; +} + /* * Without LSM specific knowledge, the default policy can only be * written in terms of .action, .func, .mask, .fsmagic, .uid, and .fowner 
@@ -326,9 +342,11 @@ static void ima_free_rule_opt_list(struct ima_rule_opt_list *opt_list) static void ima_lsm_free_rule(struct ima_rule_entry *entry) { int i; + int r; for (i = 0; i < MAX_LSM_RULES; i++) { - ima_filter_rule_free(entry->lsm[i].rule); + for (r = 0; r < LSMBLOB_ENTRIES; r++) + ima_filter_rule_free(entry->lsm[i].rules[r]); kfree(entry->lsm[i].args_p); } } @@ -379,8 +397,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) ima_filter_rule_init(nentry->lsm[i].type, Audit_equal, nentry->lsm[i].args_p, - &nentry->lsm[i].rule); - if (!nentry->lsm[i].rule) + &nentry->lsm[i].rules[0]); + if (!ima_lsm_isset(nentry->lsm[i].rules)) pr_warn("rule for LSM \'%s\' is undefined\n", nentry->lsm[i].args_p); } @@ -545,7 +563,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, int rc = 0; u32 osid; - if (!rule->lsm[i].rule) { + if (!ima_lsm_isset(rule->lsm[i].rules)) { if (!rule->lsm[i].args_p) continue; else @@ -558,14 +576,14 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, security_inode_getsecid(inode, &osid); rc = ima_filter_rule_match(osid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rules); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: rc = ima_filter_rule_match(secid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rules); default: break; } @@ -952,7 +970,7 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, { int result; - if (entry->lsm[lsm_rule].rule) + if (ima_lsm_isset(entry->lsm[lsm_rule].rules)) return -EINVAL; entry->lsm[lsm_rule].args_p = match_strdup(args); 
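Review bot: security_audit_rule_free() now takes `void **lsmrule`, the whole per-slot array, which is what kernel/auditfilter.c passes with `f->lsm_rules`, but ima_lsm_free_rule passes one element, `entry->lsm[i].rules[r]`, per call. Unless ima_filter_rule_free is redefined in ima.h to accept a single slot (ima.h is not in the diffstat), each call hands a rule pointer where an array is expected and frees through the wrong pointer. Call `ima_filter_rule_free(entry->lsm[i].rules)` once per i instead, matching ima_match_rules, which already passes the array to ima_filter_rule_match, and for the same reason prefer `nentry->lsm[i].rules` over `&nentry->lsm[i].rules[0]` in ima_lsm_copy_rule and ima_lsm_rule_init.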
@@ -962,8 +980,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, entry->lsm[lsm_rule].type = audit_type; result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, entry->lsm[lsm_rule].args_p, - &entry->lsm[lsm_rule].rule); - if (!entry->lsm[lsm_rule].rule) { + &entry->lsm[lsm_rule].rules[0]); + if (!ima_lsm_isset(entry->lsm[lsm_rule].rules)) { pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); @@ -1733,7 +1751,7 @@ int ima_policy_show(struct seq_file *m, void *v) } for (i = 0; i < MAX_LSM_RULES; i++) { - if (entry->lsm[i].rule) { + if (ima_lsm_isset(entry->lsm[i].rules)) { switch (i) { case LSM_OBJ_USER: seq_printf(m, pt(Opt_obj_user), diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index b12f7d986b1e..b569f3bc170b 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -192,6 +192,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_read_file(NULL, (enum kernel_read_file_id) id, contents); } +static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { + .lsm = "loadpin", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -239,7 +244,8 @@ static int __init loadpin_init(void) pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); parse_exclude(); - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 87cbdc64d272..4e24ea3f7b7e 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c 
@@ -75,6 +75,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { + .lsm = "lockdown", + .slot = LSMBLOB_NOT_NEEDED +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +88,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index 8a176b6adbe5..7c7ac9bfe5cd 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -244,6 +244,11 @@ static int safesetid_task_fix_setgid(struct cred *new, return -EACCES; } +static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { + .lsm = "safesetid", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -253,7 +258,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; diff --git a/security/security.c b/security/security.c index 5da8b3643680..d01363cb0082 100644 --- a/security/security.c +++ b/security/security.c 
@@ -341,6 +341,7 @@ static void __init ordered_lsm_init(void) init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); + init_debug("lsmblob size = %zu\n", sizeof(struct lsmblob)); /* * Create any kmem_caches needed for blobs @@ -468,21 +469,36 @@ static int lsm_append(const char *new, char **result) return 0; } +/* + * Current index to use while initializing the lsmblob secid list. + */ +static int lsm_slot __lsm_ro_after_init; + /** * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. + * If the LSM is using hooks that export secids allocate a slot + * for it in the lsmblob. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm) + struct lsm_id *lsmid) { int i; + if (lsmid->slot == LSMBLOB_NEEDED) { + if (lsm_slot >= LSMBLOB_ENTRIES) + panic("%s Too many LSMs registered.\n", __func__); + lsmid->slot = lsm_slot++; + init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, + lsmid->slot); + } + for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } @@ -491,7 +507,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } 
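Review bot: the kernel-doc line `@lsmid: the the identification information for the security module` has a doubled "the". In the body of security_add_hooks, a module registering with `.slot = LSMBLOB_NOT_NEEDED` keeps that marker as its slot, and the `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)` checks added later in this mail rely on that marker being negative; stating that invariant in the function comment (or making the `else` branch explicit) would keep it visible. The `panic()` on slot exhaustion is reasonable at `__init` time, but the message would be more useful if it named `lsmid->lsm` and LSMBLOB_ENTRIES.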
@@ -2005,7 +2021,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.getprocattr(p, name, value); } @@ -2018,7 +2034,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.setprocattr(name, value, size); } @@ -2510,7 +2526,24 @@ int security_key_getsecurity(struct key *key, char **_buffer) int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + struct security_hook_list *hp; + bool one_is_good = false; + int rc = 0; + int trc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + trc = hp->hook.audit_rule_init(field, op, rulestr, + &lsmrule[hp->lsmid->slot]); + if (trc == 0) + one_is_good = true; + else + rc = trc; + } + if (one_is_good) + return 0; + return rc; } int security_audit_rule_known(struct audit_krule *krule) 
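Review bot: the `one_is_good` policy in security_audit_rule_init masks failures: when one module accepts the rule and another returns an error, the function returns 0 and the caller cannot tell that the failing module's slot in `lsmrule` was never filled, and when every module fails only the last error survives in `rc` rather than the first. If partial acceptance is intended, say so in a comment and make sure the per-slot free and match paths tolerate an unset slot; otherwise free the slots already set and return the first error. `lsmrule` is also now indexed as an array, so the function should document how many entries the caller's array must have.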
@@ -2518,14 +2551,31 @@ int security_audit_rule_known(struct audit_krule *krule) return call_int_hook(audit_rule_known, 0, krule); } -void security_audit_rule_free(void *lsmrule) +void security_audit_rule_free(void **lsmrule) { - call_void_hook(audit_rule_free, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]); + } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.audit_rule_match(secid, field, op, + &lsmrule[hp->lsmid->slot]); + if (rc) + return rc; + } + return 0; } #endif /* CONFIG_AUDIT */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2748281a5cca..52a50d7ca534 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6933,6 +6933,11 @@ static int selinux_perf_event_write(struct perf_event *event) } #endif +static struct lsm_id selinux_lsmid __lsm_ro_after_init = { + .lsm = "selinux", + .slot = LSMBLOB_NEEDED +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7244,7 +7249,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); 
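Review bot: security_audit_rule_free passes `lsmrule[hp->lsmid->slot]` to every registered module's free hook without checking it for NULL, yet the init hunk just above accepts a rule when only one module succeeded, so a slot can legitimately be unset. Either add `if (lsmrule[hp->lsmid->slot] == NULL) continue;` here, or document that every audit_rule_free implementation must accept NULL.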
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index ca4a6c862732..f96be93d1a75 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4693,6 +4693,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_sock = sizeof(struct socket_smack), }; +static struct lsm_id smack_lsmid __lsm_ro_after_init = { + .lsm = "smack", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -4892,7 +4897,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 1f3cd432d830..22f62c67f2ec 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -523,6 +523,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { + .lsm = "tomoyo", + .slot = LSMBLOB_NOT_NEEDED +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -575,7 +580,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 06e226166aab..a9639ea541f7 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c 
@@ -421,6 +421,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +static struct lsm_id yama_lsmid __lsm_ro_after_init = { + .lsm = "yama", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list yama_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), 
@@ -477,7 +482,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; } From patchwork Fri Nov 20 20:14:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922095 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v23 03/23] LSM: Use lsmblob in security_audit_rule_match Date: Fri, 20 Nov 2020 12:14:47 -0800 Message-Id: <20201120201507.11993-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the secid parameter of security_audit_rule_match to a lsmblob structure pointer. Pass the entry from the lsmblob structure for the appropriate slot to the LSM hook. Change the users of security_audit_rule_match to use the lsmblob instead of a u32. The scaffolding function lsmblob_init() fills the blob with the value of the old secid, ensuring that it is available to the appropriate module hook. The sources of the secid, security_task_getsecid() and security_inode_getsecid(), will be converted to use the blob structure later in the series. At that point the use of lsmblob_init() is dropped. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-audit@redhat.com Cc: linux-integrity@vger.kernel.org To: Mimi Zohar rule.fields[i]; pid_t pid; u32 sid; + struct lsmblob blob; switch (f->type) { case AUDIT_PID:
@@ -1361,8 +1362,9 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_isset) { security_task_getsecid(current, &sid); - result = security_audit_rule_match(sid, - f->type, f->op, + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, f->op, f->lsm_rules); } break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 16e3430f7d07..7dd6b815a9eb 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -474,6 +474,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); @@ -672,7 +673,9 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid(tsk, &sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, f->lsm_rules); } @@ -687,15 +690,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, name->osid); if (security_audit_rule_match( - n->osid, + &blob, f->type, f->op, f->lsm_rules)) { @@ -707,7 +712,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules)) ++result; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 6ebefec616e4..6bae2ee9b251 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h 
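Review bot: in the `@@ -687,15 +690,17 @@` hunk of kernel/auditsc.c, the `list_for_each_entry(n, &ctx->names_list, list)` loop initializes the blob with `lsmblob_init(&blob, name->osid);`, but the line it replaces used `n->osid`. This branch is the `else if (ctx)` of `if (name)`, so `name` is NULL here and the new line dereferences a NULL pointer instead of reading the current list entry. It should be `lsmblob_init(&blob, n->osid);`.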
@@ -429,8 +429,8 @@ static inline void ima_filter_rule_free(void *lsmrule) { } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, + u32 op, void *lsmrule) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index cd393aaa17d5..3e47cc9b7400 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -562,6 +562,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; u32 osid; + struct lsmblob lsmdata; if (!ima_lsm_isset(rule->lsm[i].rules)) { if (!rule->lsm[i].args_p) @@ -574,14 +575,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + lsmblob_init(&lsmdata, osid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + lsmblob_init(&lsmdata, secid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); default: diff --git a/security/security.c b/security/security.c index d01363cb0082..4ecbef074809 100644 --- a/security/security.c +++ b/security/security.c 
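Review bot: in the ima_match_rules hunk, `struct lsmblob lsmdata` is declared inside the `for (i = 0; i < MAX_LSM_RULES; i++)` loop and, for the LSM_SUBJ_* cases, is re-initialized from the same loop-invariant `secid` on every iteration. Hoisting a single `lsmblob_init(&lsmdata, secid)` above the loop for the subject case avoids the repeated work and turns the later removal of lsmblob_init() announced in the commit message into a one-line change.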
@@ -2558,11 +2558,14 @@ void security_audit_rule_free(void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; + if (lsmrule[hp->lsmid->slot] == NULL) + continue; hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]); } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule) { struct security_hook_list *hp; int rc; 
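Review bot: the `if (lsmrule[hp->lsmid->slot] == NULL) continue;` guard added to security_audit_rule_free closes the hole opened in the previous patch, where security_audit_rule_init reports success when only one module accepted the rule and leaves the other slots unset. Since that earlier patch is what introduces the partially filled array, this guard (and the matching one in security_audit_rule_match) belongs there, so that the series stays bisectable.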
@@ -2570,7 +2573,10 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.audit_rule_match(secid, field, op, + if (lsmrule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, &lsmrule[hp->lsmid->slot]); if (rc) return rc; From patchwork Fri Nov 20 20:14:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922097 X-Patchwork-Delegate: paul@paul-moore.com
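Review bot: security_audit_rule_match still hands the module hook `&lsmrule[hp->lsmid->slot]`, the address of the slot, whereas security_audit_rule_free in the previous hunk hands it `lsmrule[hp->lsmid->slot]`, the rule itself; before this series both hooks received the same `void *lsmrule`. Because the hook parameter is `void *`, passing a `void **` compiles without a warning, so unless every module's audit_rule_match implementation was changed to dereference the slot, this should read `lsmrule[hp->lsmid->slot]`. Please confirm which convention the LSM-side hooks expect and make the two callers consistent.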
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v23 04/23] LSM: Use lsmblob in security_kernel_act_as Date: Fri, 20 Nov 2020 12:14:48 -0800 Message-Id: <20201120201507.11993-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_kernel_act_as interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its only caller, set_security_override, to do the same. Change that one's only caller, set_security_override_from_ctx, to call it with the new parameter type. The security module hook is unchanged, still taking a secid. The infrastructure passes the correct entry from the lsmblob. lsmblob_init() is used to fill the lsmblob structure, however this will be removed later in the series when security_secctx_to_secid() is updated to provide a lsmblob instead of a secid. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler To: David Howells --- include/linux/cred.h | 3 ++- include/linux/security.h | 5 +++-- kernel/cred.c | 10 ++++++---- security/security.c | 14 ++++++++++++-- 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index 18639c069263..03ae0182cba6 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -18,6 +18,7 @@ struct cred; struct inode; +struct lsmblob; /* * COW Supplementary groups list 
@@ -165,7 +166,7 @@ extern const struct cred *override_creds(const struct cred *); extern void revert_creds(const struct cred *); extern struct cred *prepare_kernel_cred(struct task_struct *); extern int change_create_files_as(struct cred *, struct inode *); -extern int set_security_override(struct cred *, u32); +extern int set_security_override(struct cred *, struct lsmblob *); extern int set_security_override_from_ctx(struct cred *, const char *); extern int set_create_files_as(struct cred *, struct inode *); extern int cred_fscmp(const struct cred *, const struct cred *); diff --git a/include/linux/security.h b/include/linux/security.h index 89c538aa283e..948d12a5eb25 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -443,7 +443,7 @@ void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); void security_cred_getsecid(const struct cred *c, u32 *secid); -int security_kernel_act_as(struct cred *new, u32 secid); +int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); int security_kernel_load_data(enum kernel_load_data_id id, bool contents); @@ -1061,7 +1061,8 @@ static inline void security_transfer_creds(struct cred *new, { } -static inline int security_kernel_act_as(struct cred *cred, u32 secid) +static inline int security_kernel_act_as(struct cred *cred, + struct lsmblob *blob) { return 0; } diff --git a/kernel/cred.c b/kernel/cred.c index 421b1149c651..22e0e7cbefde 100644 --- a/kernel/cred.c +++ b/kernel/cred.c 
@@ -733,14 +733,14 @@ EXPORT_SYMBOL(prepare_kernel_cred); /** * set_security_override - Set the security ID in a set of credentials * @new: The credentials to alter - * @secid: The LSM security ID to set + * @blob: The LSM security information to set * * Set the LSM security ID in a set of credentials so that the subjective * security is overridden when an alternative set of credentials is used. */ -int set_security_override(struct cred *new, u32 secid) +int set_security_override(struct cred *new, struct lsmblob *blob) { - return security_kernel_act_as(new, secid); + return security_kernel_act_as(new, blob); } EXPORT_SYMBOL(set_security_override); @@ -756,6 +756,7 @@ EXPORT_SYMBOL(set_security_override); */ int set_security_override_from_ctx(struct cred *new, const char *secctx) { + struct lsmblob blob; u32 secid; int ret; @@ -763,7 +764,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx) if (ret < 0) return ret; - return set_security_override(new, secid); + lsmblob_init(&blob, secid); + return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/security/security.c b/security/security.c index 4ecbef074809..3a88a90ddba6 100644 --- a/security/security.c +++ b/security/security.c 
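Review bot: set_security_override is EXPORT_SYMBOL'd, so changing its parameter from `u32` to `struct lsmblob *` obliges every caller, in-tree or out-of-tree, to build the blob first; the forward declaration `struct lsmblob;` added to cred.h is enough for the prototype, but callers need the full definition from security.h, which the kernel-doc should mention. The description "Set the security ID in a set of credentials" is now also slightly stale, since the blob may carry one ID per stacked module.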
@@ -1693,9 +1693,19 @@ void security_cred_getsecid(const struct cred *c, u32 *secid) } EXPORT_SYMBOL(security_cred_getsecid); -int security_kernel_act_as(struct cred *new, u32 secid) +int security_kernel_act_as(struct cred *new, struct lsmblob *blob) { - return call_int_hook(kernel_act_as, 0, new, secid); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.kernel_act_as, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.kernel_act_as(new, blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } int security_kernel_create_files_as(struct cred *new, struct inode *inode) From patchwork Fri Nov 20 20:14:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922099 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6709BC2D0E4 for ; Fri, 20 Nov 2020 20:21:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0B82124101 for ; Fri, 20 Nov 2020 20:21:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=yahoo.com header.i=@yahoo.com header.b="qrxjVgWA" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730245AbgKTUUz (ORCPT ); Fri, 20 Nov 2020 15:20:55 -0500 Received: from sonic302-28.consmr.mail.ne1.yahoo.com ([66.163.186.154]:36678 
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v23 05/23] LSM: Use lsmblob in security_secctx_to_secid Date: Fri, 20 Nov 2020 12:14:49 -0800 Message-Id: <20201120201507.11993-6-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_secctx_to_secid interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its callers to do the same. The security module hook is unchanged, still passing back a secid. The infrastructure passes the correct entry from the lsmblob. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso --- include/linux/security.h | 26 ++++++++++++++++++-- kernel/cred.c | 4 +--- net/netfilter/nft_meta.c | 10 ++++---- net/netfilter/xt_SECMARK.c | 7 +++++- net/netlabel/netlabel_unlabeled.c | 23 +++++++++++------- security/security.c | 40 ++++++++++++++++++++++++++----- 6 files changed, 85 insertions(+), 25 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 948d12a5eb25..0766725a6b21 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -191,6 +191,27 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) return !memcmp(bloba, blobb, sizeof(*bloba)); } +/** + * lsmblob_value - find the first non-zero value in an lsmblob structure. + * @blob: Pointer to the data + * + * This needs to be used with extreme caution, as the cases where + * it is appropriate are rare. + * + * Return the first secid value set in the lsmblob. + * There should only be one. + */ +static inline u32 lsmblob_value(const struct lsmblob *blob) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + if (blob->secid[i]) + return blob->secid[i]; + + return 0; +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -508,7 +529,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); @@ -1335,7 +1357,7 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle static inline int security_secctx_to_secid(const char *secdata, u32 seclen, - u32 *secid) + struct lsmblob *blob) { return -EOPNOTSUPP; } diff --git a/kernel/cred.c b/kernel/cred.c index 22e0e7cbefde..848306c7d823 100644 --- a/kernel/cred.c +++ b/kernel/cred.c 
@@ -757,14 +757,12 @@ EXPORT_SYMBOL(set_security_override); int set_security_override_from_ctx(struct cred *new, const char *secctx) { struct lsmblob blob; - u32 secid; int ret; - ret = security_secctx_to_secid(secctx, strlen(secctx), &secid); + ret = security_secctx_to_secid(secctx, strlen(secctx), &blob); if (ret < 0) return ret; - lsmblob_init(&blob, secid); return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index b37bd02448d8..f1b9b0021414 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -811,21 +811,21 @@ static const struct nla_policy nft_secmark_policy[NFTA_SECMARK_MAX + 1] = { static int nft_secmark_compute_secid(struct nft_secmark *priv) { - u32 tmp_secid = 0; + struct lsmblob blob; int err; - err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &tmp_secid); + err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &blob); if (err) return err; - if (!tmp_secid) + if (!lsmblob_is_set(&blob)) return -ENOENT; - err = security_secmark_relabel_packet(tmp_secid); + err = security_secmark_relabel_packet(lsmblob_value(&blob)); if (err) return err; - priv->secid = tmp_secid; + priv->secid = lsmblob_value(&blob); return 0; } diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index 75625d13e976..9845d98e6b77 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c @@ -43,13 +43,14 @@ secmark_tg(struct sk_buff *skb, const struct xt_action_param *par) static int checkentry_lsm(struct xt_secmark_target_info *info) { + struct lsmblob blob; int err; info->secctx[SECMARK_SECCTX_MAX - 1] = '\0'; info->secid = 0; err = security_secctx_to_secid(info->secctx, strlen(info->secctx), - &info->secid); + &blob); if (err) { if (err == -EINVAL) pr_info_ratelimited("invalid security context \'%s\'\n", 
@@ -57,6 +58,10 @@ static int checkentry_lsm(struct xt_secmark_target_info *info) return err; } + /* xt_secmark_target_info can't be changed to use lsmblobs because + * it is exposed as an API. Use lsmblob_value() to get the one + * value that got set by security_secctx_to_secid(). */ + info->secid = lsmblob_value(&blob); if (!info->secid) { pr_info_ratelimited("unable to map security context \'%s\'\n", info->secctx); diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index fc55c9116da0..3b7a3e0ae8af 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -882,7 +882,7 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a @@ -906,13 +906,18 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * + * instead of a u32 later in this patch set. security_secctx_to_secid() + * will only be setting one entry in the lsmblob struct, so it is + * safe to use lsmblob_value() to get that one value. */ + return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, secid, - &audit_info); + dev_name, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** @@ -933,7 +938,7 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a 
@@ -955,13 +960,15 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* security_secctx_to_secid() will only put one secid into the lsmblob + * so it's safe to use lsmblob_value() to get the secid. */ return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, secid, - &audit_info); + NULL, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** diff --git a/security/security.c b/security/security.c index 3a88a90ddba6..eac7c10b8cfa 100644 --- a/security/security.c +++ b/security/security.c @@ -2081,10 +2081,22 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) } EXPORT_SYMBOL(security_secid_to_secctx); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob) { - *secid = 0; - return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid); + struct security_hook_list *hp; + int rc; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } EXPORT_SYMBOL(security_secctx_to_secid); 
@@ -2235,10 +2247,26 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, optval, optlen, len); } -int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) +int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, + u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, - skb, secid); + struct security_hook_list *hp; + int rc = -ENOPROTOOPT; + + /* + * Only one security module should provide a real hook for + * this. A stub or bypass like is used in BPF should either + * (somehow) leave rc unaltered or return -ENOPROTOOPT. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); + if (rc != -ENOPROTOOPT) + break; + } + return rc; } EXPORT_SYMBOL(security_socket_getpeersec_dgram);
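Review bot: lsmblob_value() in the include/linux/security.h hunk documents that only one entry should be set but never checks it; if two modules ever fill the blob the helper silently returns whichever comes first in slot order. Since the kerneldoc already says the helper needs extreme caution, a WARN_ON_ONCE when a second non-zero secid is found would catch misuse early, or the comment should state why a second entry cannot occur for the callers added here (xt_SECMARK, nft_meta, netlabel).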
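Review bot: in the nft_meta.c hunk, nft_secmark_compute_secid() evaluates lsmblob_value(&blob) twice, once for security_secmark_relabel_packet() and once for priv->secid; storing it once in a local, e.g. `u32 secid = lsmblob_value(&blob);` right after the lsmblob_is_set() check, guarantees the two uses agree and reads closer to the original tmp_secid code.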
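Review bot: in the security/security.c hunk, security_secctx_to_secid() returns the first module's error and abandons the loop, so with two modules stacked a context string that only one of them can parse fails the whole call (for instance -EINVAL from the module that does not recognise the format), and the blob is left partially filled by the modules that ran earlier. Callers only consult the blob when the return is 0, so the partial fill is harmless, but the commit message should say whether "first error wins" is the intended stacking semantic, because the xt_SECMARK caller turns -EINVAL into a user-visible "invalid security context" message.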
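Review bot: the comment in the security_socket_getpeersec_dgram() hunk says a stub hook should "(somehow) leave rc unaltered", but the loop assigns rc from every hook it calls and breaks on anything other than -ENOPROTOOPT, so a stub that returns 0 ends the loop reporting success with *secid untouched. If the BPF stub is expected to return -ENOPROTOOPT, state that as the contract and drop the "(somehow)"; otherwise the loop needs to skip stubs explicitly.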
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v23 06/23] LSM: Use lsmblob in security_secid_to_secctx Date: Fri, 20 Nov 2020 12:14:50 -0800 Message-Id: <20201120201507.11993-7-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change security_secid_to_secctx() to take a lsmblob as input instead of a u32 secid. It will then call the LSM hooks using the lsmblob element allocated for that module. The callers have been updated as well. This allows for the possibility that more than one module may be called upon to translate a secid to a string, as can occur in the audit code. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso To: Paul Moore --- drivers/android/binder.c | 12 +++++++++- include/linux/security.h | 5 +++-- include/net/scm.h | 7 +++++- kernel/audit.c | 20 +++++++++++++++-- kernel/auditsc.c | 28 +++++++++++++++++++---- net/ipv4/ip_sockglue.c | 4 +++- net/netfilter/nf_conntrack_netlink.c | 14 ++++++++++-- net/netfilter/nf_conntrack_standalone.c | 4 +++- net/netfilter/nfnetlink_queue.c | 11 +++++++-- net/netlabel/netlabel_unlabeled.c | 30 +++++++++++++++++++++---- net/netlabel/netlabel_user.c | 6 ++--- security/security.c | 11 +++++---- 12 files changed, 123 insertions(+), 29 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index b5117576792b..55f3fa073c7b 100644 
--- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3088,10 +3088,20 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { u32 secid; + struct lsmblob blob; size_t added_size; security_task_getsecid(proc->tsk, &secid); - ret = security_secid_to_secctx(secid, &secctx, &secctx_sz); + /* + * Later in this patch set security_task_getsecid() will + * provide a lsmblob instead of a secid. lsmblob_init + * is used to ensure that all the secids in the lsmblob + * get the value returned from security_task_getsecid(), + * which means that the one expected by + * security_secid_to_secctx() will be set. + */ + lsmblob_init(&blob, secid); + ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; diff --git a/include/linux/security.h b/include/linux/security.h index 0766725a6b21..fad361bf320e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -528,7 +528,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); @@ -1350,7 +1350,8 @@ static inline int security_ismaclabel(const char *name) return 0; } -static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +static inline int security_secid_to_secctx(struct lsmblob *blob, + char **secdata, u32 *seclen) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index 1ce365f4c256..23a35ff1b3f2 100644 --- a/include/net/scm.h +++ b/include/net/scm.h 
@@ -92,12 +92,17 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmblob lb; char *secdata; u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { - err = security_secid_to_secctx(scm->secid, &secdata, &seclen); + /* There can only be one security module using the secid, + * and the infrastructure will know which it is. + */ + lsmblob_init(&lb, scm->secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); diff --git a/kernel/audit.c b/kernel/audit.c index 68cee3bc8cfe..4cd6339e513d 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1442,7 +1442,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) case AUDIT_SIGNAL_INFO: len = 0; if (audit_sig_sid) { - err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); + struct lsmblob blob; + + /* + * lsmblob_init sets all values in the lsmblob + * to audit_sig_sid. This is temporary until + * audit_sig_sid is converted to a lsmblob, which + * happens later in this patch set. + */ + lsmblob_init(&blob, audit_sig_sid); + err = security_secid_to_secctx(&blob, &ctx, &len); if (err) return err; } @@ -2128,12 +2137,19 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; u32 sid; + struct lsmblob blob; security_task_getsecid(current, &sid); if (!sid) return 0; - error = security_secid_to_secctx(sid, &ctx, &len); + /* + * lsmblob_init sets all values in the lsmblob to sid. + * This is temporary until security_task_getsecid is converted + * to use a lsmblob, which happens later in this patch set. + */ + lsmblob_init(&blob, sid); + error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) goto error_path; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 7dd6b815a9eb..5f9bdd62f78d 100644 
--- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -673,6 +673,13 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid(tsk, &sid); need_sid = 0; } + /* + * lsmblob_init sets all values in the lsmblob + * to sid. This is temporary until + * security_task_getsecid() is converted to + * provide a lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, @@ -690,6 +697,13 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { + /* + * lsmblob_init sets all values in the + * lsmblob to sid. This is temporary + * until name->osid is converted to a + * lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, name->osid); result = security_audit_rule_match( &blob, @@ -995,6 +1009,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, char *ctx = NULL; u32 len; int rc = 0; + struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1004,7 +1019,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (sid) { - if (security_secid_to_secctx(sid, &ctx, &len)) { + lsmblob_init(&blob, sid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1247,7 +1263,10 @@ static void show_special(struct audit_context *context, int *call_panic) if (osid) { char *ctx = NULL; u32 len; - if (security_secid_to_secctx(osid, &ctx, &len)) { + struct lsmblob blob; + + lsmblob_init(&blob, osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { 
@@ -1397,9 +1416,10 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, if (n->osid != 0) { char *ctx = NULL; u32 len; + struct lsmblob blob; - if (security_secid_to_secctx( - n->osid, &ctx, &len)) { + lsmblob_init(&blob, n->osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index ec6036713e2c..2f089733ada7 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmblob lb; char *secdata; u32 seclen, secid; int err; @@ -138,7 +139,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) if (err) return; - err = security_secid_to_secctx(secid, &secdata, &seclen); + lsmblob_init(&lb, secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 3d0fd33be018..8627ec7e13fb 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -333,8 +333,13 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) struct nlattr *nest_secctx; int len, ret; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return 0; 
@@ -647,8 +652,13 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) { #ifdef CONFIG_NF_CONNTRACK_SECMARK int len, ret; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, NULL, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, NULL, &len); if (ret) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 46c5557c1fec..54da1a3e8cb1 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -175,8 +175,10 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) int ret; u32 len; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index d1d8bca03b4f..a6dbef71fc32 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -305,13 +305,20 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) { u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) + struct lsmblob blob; + if (!skb || !sk_fullsock(skb->sk)) return 0; read_lock_bh(&skb->sk->sk_callback_lock); - if (skb->secmark) - security_secid_to_secctx(skb->secmark, secdata, &seclen); + if (skb->secmark) { + /* lsmblob_init() puts ct->secmark into all of the secids in + * blob. security_secid_to_secctx() will know which security + * module to use to create the secctx. */ + lsmblob_init(&blob, skb->secmark); + security_secid_to_secctx(&blob, secdata, &seclen); + } read_unlock_bh(&skb->sk->sk_callback_lock); #endif 
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 3b7a3e0ae8af..18749705a862 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -376,6 +376,7 @@ int netlbl_unlhsh_add(struct net *net, struct audit_buffer *audit_buf = NULL; char *secctx = NULL; u32 secctx_len; + struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -438,7 +439,11 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(secid, + /* lsmblob_init() puts secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + if (security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); @@ -475,6 +480,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, @@ -494,8 +500,13 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, addr->s_addr, mask->s_addr); if (dev != NULL) dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -537,6 +548,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); 
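Review bot: in the netlbl_unlhsh_remove_addr4() hunk the NULL check on entry is now evaluated twice, once to guard `if (entry != NULL) lsmblob_init(&blob, entry->secid);` and again in the `if (entry != NULL && security_secid_to_secctx(&blob, ...` condition, and blob is left uninitialised on the entry == NULL path (harmless only because of the short-circuit, but a pattern static checkers flag). Suggest nesting the lookup inside a single `if (entry != NULL) { lsmblob_init(&blob, entry->secid); if (security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { ... } }` block; the identical netlbl_unlhsh_remove_addr6() hunk that follows has the same shape.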
@@ -555,8 +567,13 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, addr, mask); if (dev != NULL) dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -1082,6 +1099,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, u32 secid; char *secctx; u32 secctx_len; + struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, @@ -1136,7 +1154,11 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, secid = addr6->secid; } - ret_val = security_secid_to_secctx(secid, &secctx, &secctx_len); + /* lsmblob_init() secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 3ed4fea2a2de..893301ae0131 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -86,6 +86,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct audit_buffer *audit_buf; char *secctx; u32 secctx_len; + struct lsmblob blob; if (audit_enabled == AUDIT_OFF) return NULL; 
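Review bot: the comment in the netlbl_unlabel_staticlist_gen() hunk reads `/* lsmblob_init() secid into all of the secids in blob.` and is missing its verb; the other hunks in this file say "lsmblob_init() puts secid into all of the secids in blob", so suggest the same wording here.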
@@ -98,10 +99,9 @@ struct audit_buffer *netlbl_audit_start_common(int type, from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); + lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(audit_info->secid, - &secctx, - &secctx_len) == 0) { + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); security_release_secctx(secctx, secctx_len); } diff --git a/security/security.c b/security/security.c index eac7c10b8cfa..ea927a00de18 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2062,17 +2062,16 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; int rc; - /* - * Currently, only one LSM can implement secid_to_secctx (i.e this - * LSM hook is not "stackable"). - */ hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { - rc = hp->hook.secid_to_secctx(secid, secdata, seclen); + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], + secdata, seclen); if (rc != LSM_RET_DEFAULT(secid_to_secctx)) return rc; } From patchwork Fri Nov 20 20:14:51 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922127
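Review bot: in the netlbl_audit_start_common() hunk of net/netlabel/netlabel_user.c, `lsmblob_init(&blob, audit_info->secid);` runs unconditionally before the `audit_info->secid != 0` test, so the blob is filled even on the path that never passes it to security_secid_to_secctx(). Not a correctness problem, but every other call site in this patch initialises the blob only where it is consumed; suggest moving the init inside the if, or testing the secid first and then initialising and converting in one block.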
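Review bot: the security_secid_to_secctx() hunk in security/security.c deletes the comment saying only one LSM can implement secid_to_secctx but keeps a loop that returns on the first result differing from LSM_RET_DEFAULT(secid_to_secctx), so with more than one module providing the hook the first one in hook order wins and the others are never consulted, even though the blob now carries a secid per slot. Suggest replacing the removed comment with one stating that rule, and a short note on why the `if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue;` guard skips rather than fails, since a module with a bad slot is silently treated as absent.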
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v23 07/23] LSM: Use lsmblob in security_ipc_getsecid Date: Fri, 20 Nov 2020 12:14:51 -0800 Message-Id: <20201120201507.11993-8-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org There may be more than one LSM that provides IPC data for auditing. Change security_ipc_getsecid() to fill in a lsmblob structure instead of the u32 secid. The audit data structure containing the secid will be updated later, so there is a bit of scaffolding here. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 7 ++++++- security/security.c | 12 +++++++++--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index fad361bf320e..be8db737da74 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -499,7 +499,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5); void security_task_to_inode(struct task_struct *p, struct inode *inode); int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob); int security_msg_msg_alloc(struct msg_msg *msg); void security_msg_msg_free(struct msg_msg *msg); int security_msg_queue_alloc(struct kern_ipc_perm *msq); @@ -1228,9 +1228,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, return 0; } -static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_msg_msg_alloc(struct msg_msg *msg) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 5f9bdd62f78d..35d6bd0526a2 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2341,11 +2341,16 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) void __audit_ipc_obj(struct kern_ipc_perm *ipcp) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->ipc.uid = ipcp->uid; context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; context->ipc.has_perm = 0; - security_ipc_getsecid(ipcp, &context->ipc.osid); + security_ipc_getsecid(ipcp, &blob); + /* context->ipc.osid will be changed to a lsmblob later in + * the patch series. This will allow auditing of all the object + * labels associated with the ipc object. */ + context->ipc.osid = lsmblob_value(&blob); context->type = AUDIT_IPC; } diff --git a/security/security.c b/security/security.c index ea927a00de18..9c1098ecea03 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1882,10 +1882,16 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) return call_int_hook(ipc_permission, 0, ipcp, flag); } -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob) { - *secid = 0; - call_void_hook(ipc_getsecid, ipcp, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.ipc_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.ipc_getsecid(ipcp, &blob->secid[hp->lsmid->slot]); + } } int security_msg_msg_alloc(struct msg_msg *msg) From patchwork Fri Nov 20 20:14:52 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922129
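Review bot: the __audit_ipc_obj() hunk in kernel/auditsc.c stores `context->ipc.osid = lsmblob_value(&blob);`, but the diffstat lists only include/linux/security.h, kernel/auditsc.c and security/security.c and none of the hunks defines lsmblob_value(), so the patch depends on that helper coming from an earlier patch in the series. The scaffolding comment explains why osid is still a u32; it would help a reader bisecting the series if it also named the helper's origin and what it returns when more than one slot is populated.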
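Review bot: the security_ipc_getsecid() hunk in security/security.c replaces call_void_hook() with an open-coded hlist_for_each_entry loop guarded by `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)`, the same shape as the loop in security_secid_to_secctx(). When the guard trips the loop continues, so that module's slot keeps the 0 set by `lsmblob_init(blob, 0);` and the audit record for the IPC object simply carries no label for it; a one-line comment on that fallback would help, and a small shared helper for the slot check would avoid repeating the guard in each converted hook.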
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v23 08/23] LSM: Use lsmblob in security_task_getsecid Date: Fri, 20 Nov 2020 12:14:52 -0800 Message-Id: <20201120201507.11993-9-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_task_getsecid() interface to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 12 +----- include/linux/security.h | 7 ++-- kernel/audit.c | 16 +++----- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 ++++++------ net/netlabel/netlabel_unlabeled.c | 5 ++- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima_appraise.c | 10 +++-- security/integrity/ima/ima_main.c | 56 +++++++++++++++------------ security/security.c | 12 ++++-- 10 files changed, 80 insertions(+), 73 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 55f3fa073c7b..08737a07f997 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c 
@@ -3087,20 +3087,10 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; - security_task_getsecid(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index be8db737da74..6b9e3571960d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -482,7 +482,7 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid(struct task_struct *p, u32 *secid); +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1155,9 +1155,10 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 4cd6339e513d..9e3eec0a9c29 100644 --- a/kernel/audit.c 
+++ b/kernel/audit.c @@ -2136,19 +2136,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid(current, &sid); - if (!sid) + security_task_getsecid(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2356,6 +2349,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2366,7 +2360,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &audit_sig_sid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index e27424216159..9e73a7961665 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1361,8 +1360,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_isset) { - security_task_getsecid(current, &sid); - lsmblob_init(&blob, sid); + security_task_getsecid(current, &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 35d6bd0526a2..8916a13406c3 100644 
--- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -473,7 +473,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -670,17 +669,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid(tsk, &sid); + security_task_getsecid(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -2440,12 +2431,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &context->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2461,6 +2455,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2472,7 +2467,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &ctx->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2493,7 +2490,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 18749705a862..cabec85136e1 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1564,11 +1564,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &audit_info.secid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 3c67afce64f1..438b5db6c714 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h 
@@ -34,7 +34,11 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 3dd8c2e4314e..2a18124af429 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -65,14 +65,16 @@ bool is_ima_appraise_enabled(void) */ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid(current, &secid); - return ima_match_policy(inode, current_cred(), secid, func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + security_task_getsecid(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(inode, current_cred(), blob.secid[0], func, + mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 2d1af8899cab..c9f1f6bddab5 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -388,12 +388,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -419,9 +420,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -429,9 +430,10 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - action = ima_get_action(inode, current_cred(), secid, MAY_EXEC, + /* scaffolding */ + action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ @@ -468,10 +470,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; 
@@ -492,10 +496,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -629,7 +634,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the @@ -649,8 +654,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -679,7 +685,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -692,9 +698,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** 
@@ -809,7 +816,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, } hash = {}; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (!ima_policy_flag) return; @@ -822,9 +829,10 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, * buffer measurements. */ if (func) { - security_task_getsecid(current, &secid); - action = ima_get_action(inode, current_cred(), secid, 0, func, - &pcr, &template, keyring); + security_task_getsecid(current, &blob); + /* scaffolding */ + action = ima_get_action(inode, current_cred(), blob.secid[0], + 0, func, &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } diff --git a/security/security.c b/security/security.c index 9c1098ecea03..421ff85015da 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1799,10 +1799,16 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid(struct task_struct *p, u32 *secid) +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid);
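Review bot: the netlbl_netlink_auditinfo hunk (netlabel_user.h, @@ -34) now places a `struct lsmblob` on the stack of a static inline that lives in a header, and the hunk does not show the include list. Confirm that netlabel_user.h pulls in the header that defines struct lsmblob and lsmblob_init; it already needs the declaration of security_task_getsecid(), so that is probably linux/security.h and probably already there, but any file that includes this header without it will fail to build rather than just warn.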
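Review bot: the ima_file_mprotect hunk at @@ -429 changes more than the secid argument. The removed line passed `inode` and `MAY_EXEC` to ima_get_action(), while the added line is `action = ima_get_action(NULL, current_cred(), blob.secid[0], 0,`, so the inode is dropped from the policy match and the access mask is cleared. That is a behaviour change, not scaffolding, and it looks like the hunk was rebased against an older version of this function. Keep the inode and the mask and change only the secid: `action = ima_get_action(inode, current_cred(), blob.secid[0], MAY_EXEC,`.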
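Review bot: the security.c hunk at @@ -1799 open-codes the per-slot hook walk (hlist_for_each_entry over security_hook_heads.task_getsecid, a slot range WARN_ON, then the call into `blob->secid[hp->lsmid->slot]`), and the identical loop is pasted again for security_inode_getsecid() and security_cred_getsecid() later in this series. A helper or macro next to call_void_hook() would keep the slot check in one place. Separately, `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)` fires on every call for a mis-registered slot, and this function sits on the audit and IMA paths; the slot is a registration-time property, so validating it once when the hooks are added (or at least using WARN_ON_ONCE here) would avoid a warning storm from a single bad LSM.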
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v23 09/23] LSM: Use lsmblob in security_inode_getsecid
Date: Fri, 20 Nov 2020 12:14:53 -0800
Message-Id: <20201120201507.11993-10-casey@schaufler-ca.com>
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>
X-Mailing-List: selinux@vger.kernel.org

Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
 include/linux/security.h            |  7 ++++---
 kernel/auditsc.c                    |  6 +++++-
 security/integrity/ima/ima_policy.c |  4 +---
 security/security.c                 | 11 +++++++++--
 4 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h index 6b9e3571960d..a7968dde27c6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -436,7 +436,7 @@ int security_inode_killpriv(struct dentry *dentry); int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -963,9 +963,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 8916a13406c3..b58b0048702a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1980,13 +1980,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 3e47cc9b7400..bbf9fa79740a 100644 --- a/security/integrity/ima/ima_policy.c 
+++ b/security/integrity/ima/ima_policy.c @@ -561,7 +561,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule->lsm[i].rules)) { @@ -574,8 +573,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); diff --git a/security/security.c b/security/security.c index 421ff85015da..f3f6caae392f 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1443,9 +1443,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new)
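Review bot: the ima_match_rules hunk (ima_policy.c, @@ -574) is the one consumer in this patch that actually uses the multi-slot blob, and it deserves a closer look than the scaffolding hunks. The removed `lsmblob_init(&lsmdata, osid)` copied a single osid into every slot, so ima_filter_rule_match() matched the same value whichever slot it read; with `security_inode_getsecid(inode, &lsmdata)` each slot now carries its own LSM's secid. Please confirm that ima_filter_rule_match() selects the slot belonging to the LSM that compiled `rule->lsm[i].rules`, because a wrong slot choice was invisible under the old code and would now silently fail policy matches.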
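Review bot: the security.c hunk at @@ -1443 changes initialisation semantics and the description should say so. The removed body was only `call_void_hook(inode_getsecid, inode, secid);` with no `*secid = 0`, so with no LSM providing inode_getsecid the caller's variable was left untouched; the new body calls `lsmblob_init(blob, 0)` before walking the hooks and always returns a zeroed blob. That is the right behaviour, since audit_copy_inode() in this same patch copies `blob.secid[0]` into `name->osid` unconditionally, but it is a fix independent of the type change and worth one sentence in the commit message.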
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [PATCH v23 10/23] LSM: Use lsmblob in security_cred_getsecid
Date: Fri, 20 Nov 2020 12:14:54 -0800
Message-Id: <20201120201507.11993-11-casey@schaufler-ca.com>
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>
X-Mailing-List: selinux@vger.kernel.org

Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
 include/linux/security.h          |  2 +-
 kernel/audit.c                    | 25 +++++++----------------
 kernel/audit.h                    |  3 ++-
 kernel/auditsc.c                  | 33 +++++++++++--------------------
 security/integrity/ima/ima_main.c |  8 ++++----
 security/security.c               | 12 ++++++++---
 6 files changed, 35 insertions(+), 48 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h index a7968dde27c6..dacd64d2d141 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -463,7 +463,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 9e3eec0a9c29..1f987ac23e90 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
@@ -1441,29 +1441,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2349,7 +2341,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2360,9 +2351,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 3b9c0945225a..ce41886807bb 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include 
@@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b58b0048702a..b15222181700 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -113,7 +113,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -993,14 +993,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1009,9 +1009,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1582,7 +1581,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } 
@@ -1591,7 +1590,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1769,7 +1768,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2435,15 +2434,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2459,7 +2455,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2471,9 +2466,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2494,9 +2487,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index c9f1f6bddab5..e2fd092a1023 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -469,7 +469,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid(current, &blob); @@ -479,9 +478,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index f3f6caae392f..78aeb2ae7010 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1693,10 +1693,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
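Review bot: in the ima_bprm_check() hunk the `blob.secid[0]` handed to process_measurement() after `security_cred_getsecid(bprm->cred, &blob)` carries only the slot of the first-registered module, so with two secid-providing LSMs stacked the CREDS_CHECK decision silently ignores the second one. The `/* scaffolding until process_measurement changes */` comment acknowledges this, but the limitation (IMA LSM rules evaluate slot 0 only until the follow-up conversion lands) should also be stated in the commit message so bisecting users are not surprised.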
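Review bot: in security_cred_getsecid() the `WARN_ON(...)` followed by `continue` leaves the misregistered module's slot at the 0 written by `lsmblob_init(blob, 0)`, which a caller cannot tell apart from a module that legitimately reports secid 0 (no label). Since a slot outside `[0, lsm_slot)` can only come from a registration bug this is an acceptable failure mode, but a one-line comment above the loop saying that a skipped hook yields secid 0 for its slot would save the next reader from wondering whether the value is meaningful.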
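Review bot: the audit_signal_info_syscall() hunk indexes `axp->target_lsm[axp->pid_count]` as an array of `struct lsmblob`, which changes the per-pid element of `struct audit_aux_data_pids` from a u32 to a multi-slot blob; that structure change is outside these hunks, so please confirm the definition and the allocation size of the aux record were updated in the same patch, and mention the per-entry size growth in the commit message.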
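The security_cred_getsecid() hunk above walks the registered hooks and lets each module write only its own slot of the lsmblob. What follows is an added userspace model of that slot dispatch, written for this page rather than taken from the kernel: the module names "first", "second" and "slotless", the secid values 1001, 2002 and 3003, and every function ending in `_model` or starting with `demo_` are constructed for the illustration. It shows why the `blob.secid[0]` scaffolding in ima_bprm_check() only ever observes the first-registered module, and what the WARN_ON path leaves behind for a hook whose id never received a slot.

```c
#include <stdio.h>

#define LSMBLOB_ENTRIES 4        /* number of secid slots in this model */
#define LSMBLOB_NEEDED  (-2)     /* module asks for a slot at registration */
#define LSMBLOB_INVALID (-1)     /* module never received a slot */
#define MAX_HOOKS       8        /* registered hook entries the model holds */

/* One secid per registered module, indexed by the module's slot. */
struct lsmblob {
	unsigned int secid[LSMBLOB_ENTRIES];
};

struct lsm_id {
	const char *lsm;
	int slot;
};

/* A module's cred_getsecid hook writes a single u32 into its own slot. */
typedef void (*getsecid_fn)(const void *cred, unsigned int *secid);

struct hook_entry {
	struct lsm_id *lsmid;
	getsecid_fn hook;
};

static int lsm_slot;                     /* next free slot, as in security.c */
static struct hook_entry hooks[MAX_HOOKS];
static int nhooks;

static void lsmblob_init(struct lsmblob *blob, unsigned int secid)
{
	for (int i = 0; i < LSMBLOB_ENTRIES; i++)
		blob->secid[i] = secid;
}

/* Registration as in security_add_hooks(): a module marked LSMBLOB_NEEDED
 * takes the next slot; any other id keeps the slot value it already has. */
int add_hooks_model(struct lsm_id *lsmid, getsecid_fn fn)
{
	if (nhooks >= MAX_HOOKS)
		return -1;
	if (lsmid->slot == LSMBLOB_NEEDED) {
		if (lsm_slot >= LSMBLOB_ENTRIES)
			return -1;               /* the kernel panics here */
		lsmid->slot = lsm_slot++;
	}
	hooks[nhooks].lsmid = lsmid;
	hooks[nhooks].hook = fn;
	nhooks++;
	return lsmid->slot;
}

/* Mirrors security_cred_getsecid(): every hook fills only its own slot; a
 * hook whose id has no valid slot is skipped (the WARN_ON path) and its
 * slot keeps the 0 written by lsmblob_init(). Returns the skip count. */
int cred_getsecid_model(const void *cred, struct lsmblob *blob)
{
	int skipped = 0;

	lsmblob_init(blob, 0);
	for (int i = 0; i < nhooks; i++) {
		int slot = hooks[i].lsmid->slot;

		if (slot < 0 || slot >= lsm_slot) {
			skipped++;
			continue;
		}
		hooks[i].hook(cred, &blob->secid[slot]);
	}
	return skipped;
}

/* Constructed stand-ins for module hooks; the secid values are made up. */
static void first_getsecid(const void *cred, unsigned int *secid)    { (void)cred; *secid = 1001; }
static void second_getsecid(const void *cred, unsigned int *secid)   { (void)cred; *secid = 2002; }
static void slotless_getsecid(const void *cred, unsigned int *secid) { (void)cred; *secid = 3003; }

/* Register two slot-holding modules plus one hook whose id never got a
 * slot, then collect a blob. Returns the number of skipped hooks. */
int run_demo(struct lsmblob *blob)
{
	static struct lsm_id first_id, second_id, slotless_id;

	lsm_slot = 0;
	nhooks = 0;
	first_id    = (struct lsm_id){ "first",    LSMBLOB_NEEDED };
	second_id   = (struct lsm_id){ "second",   LSMBLOB_NEEDED };
	slotless_id = (struct lsm_id){ "slotless", LSMBLOB_INVALID };

	add_hooks_model(&first_id, first_getsecid);
	add_hooks_model(&second_id, second_getsecid);
	add_hooks_model(&slotless_id, slotless_getsecid);

	return cred_getsecid_model(NULL, blob);
}

/* Convenience accessors so a single slot or the skip count can be checked. */
unsigned int demo_secid(int slot)
{
	struct lsmblob blob;

	run_demo(&blob);
	return blob.secid[slot];
}

int demo_skipped(void)
{
	struct lsmblob blob;

	return run_demo(&blob);
}

int main(void)
{
	struct lsmblob blob;
	int skipped = run_demo(&blob);

	for (int i = 0; i < LSMBLOB_ENTRIES; i++)
		printf("slot %d: secid %u\n", i, blob.secid[i]);
	printf("hooks skipped: %d\n", skipped);
	/* blob.secid[0], the scaffolding value, only ever carries "first". */
	return 0;
}
```

Running it prints slot 0 as 1001 and slot 1 as 2002, while the slotless hook's 3003 never reaches the blob and one skip is reported; any code that still reads `secid[0]` sees "first" and nothing else.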
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v23 11/23] IMA: Change internal interfaces to use lsmblobs Date: Fri, 20 Nov 2020 12:14:55 -0800 Message-Id: <20201120201507.11993-12-casey@schaufler-ca.com> In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>

The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org To: Mimi Zohar

--- security/integrity/ima/ima.h | 11 ++++---- security/integrity/ima/ima_api.c | 10 +++---- security/integrity/ima/ima_appraise.c | 6 ++--- security/integrity/ima/ima_main.c | 38 +++++++++++---------------- security/integrity/ima/ima_policy.c | 16 +++++------ 5 files changed, 36 insertions(+), 45 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 6bae2ee9b251..8812e9b9fc1d 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h
@@ -252,9 +252,9 @@ static inline void ima_process_queued_keys(void) {} #endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */ /* LIM API function definitions */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring); int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); int ima_collect_measurement(struct integrity_iint_cache *iint, @@ -280,8 +280,9 @@ void ima_free_template_entry(struct ima_template_entry *entry); const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 4f39fb93f278..e83fa1c32843 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -164,7 +164,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * ima_get_action - appraise & measure decision based on policy. * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier 
@@ -183,16 +183,16 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * Returns IMA_MEASURE, IMA_APPRAISE mask. * */ -int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, - int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc, +int ima_get_action(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, int mask, enum ima_hooks func, + int *pcr, struct ima_template_desc **template_desc, const char *keyring) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; flags &= ima_policy_flag; - return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, + return ima_match_policy(inode, cred, blob, func, mask, flags, pcr, template_desc, keyring); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 2a18124af429..7c4e43399269 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -71,10 +71,8 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) return 0; security_task_getsecid(current, &blob); - /* scaffolding the .secid[0] */ - return ima_match_policy(inode, current_cred(), blob.secid[0], func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, - NULL); + return ima_match_policy(inode, current_cred(), &blob, func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index e2fd092a1023..39ca17586c6c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -194,8 +194,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -218,7 +218,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(inode, cred, secid, mask, func, &pcr, + action = ima_get_action(inode, cred, blob, mask, func, &pcr, &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -392,8 +392,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -432,8 +431,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); - /* scaffolding */ - action = ima_get_action(NULL, current_cred(), blob.secid[0], 0, + action = ima_get_action(NULL, current_cred(), &blob, 0, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ 
@@ -472,16 +470,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -499,8 +495,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -655,8 +650,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_READ, func); } @@ -699,9 +693,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** 
@@ -830,9 +823,8 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, */ if (func) { security_task_getsecid(current, &blob); - /* scaffolding */ - action = ima_get_action(inode, current_cred(), blob.secid[0], - 0, func, &pcr, &template, keyring); + action = ima_get_action(inode, current_cred(), &blob, 0, func, + &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index bbf9fa79740a..a95eb37937dd 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -508,7 +508,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * @rule: a pointer to a rule * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @keyring: keyring name to check in policy for KEY_CHECK func @@ -516,7 +516,7 @@ static bool ima_match_keyring(struct ima_rule_entry *rule, * Returns true on rule match, false on failure. */ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, - const struct cred *cred, u32 secid, + const struct cred *cred, struct lsmblob *blob, enum ima_hooks func, int mask, const char *keyring) { @@ -581,8 +581,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); - rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rules); default: 
@@ -624,7 +623,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -639,8 +638,9 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * list when walking it. Reads are many orders of magnitude more numerous * than writes so ima_match_policy() is classical RCU candidate. */ -int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, - enum ima_hooks func, int mask, int flags, int *pcr, +int ima_match_policy(struct inode *inode, const struct cred *cred, + struct lsmblob *blob, enum ima_hooks func, int mask, + int flags, int *pcr, struct ima_template_desc **template_desc, const char *keyring) { 
@@ -656,7 +656,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, inode, cred, secid, func, mask, + if (!ima_match_rules(entry, inode, cred, blob, func, mask, keyring)) continue;
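Review bot: in the ima_match_rules() hunk, dropping `lsmblob_init(&lsmdata, secid);` removes the only visible writer of the local `lsmdata` in the LSM_SUBJ_USER/ROLE/TYPE arm, since the call now passes the caller's `blob` straight to ima_filter_rule_match(). If the LSM_OBJ_* arm still populates and uses `lsmdata` the local stays, otherwise it should be deleted in the same patch to avoid an unused-variable warning.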
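Review bot: the ima_file_mprotect() hunk rewrites the ima_get_action() call but keeps the trailing `0` for the `const char *keyring` argument, visible as `MMAP_CHECK, &pcr, &template, 0);` in the context line; while this line is being touched, passing NULL for the pointer (as every other caller in the patch does) would make the argument's type obvious to the reader.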
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Greg Kroah-Hartman , linux-api@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v23 12/23] LSM: Specify which LSM to display Date: Fri, 20 Nov 2020 12:14:56 -0800 Message-Id: <20201120201507.11993-13-casey@schaufler-ca.com> In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>

Create a new entry "interface_lsm" in the procfs attr directory for controlling which LSM security information is displayed for a process. A process can only read or write its own display value. The name of an active LSM that supplies hooks for human readable data may be written to "interface_lsm" to set the value. The name of the LSM currently in use can be read from "interface_lsm". At this point there can only be one LSM capable of display active. A helper function lsm_task_ilsm() is provided to get the interface lsm slot for a task_struct. Setting the "interface_lsm" requires that all security modules using setprocattr hooks allow the action. Each security module is responsible for defining its policy. AppArmor hook provided by John Johansen SELinux hook provided by Stephen Smalley
Signed-off-by: Casey Schaufler Cc: Kees Cook Cc: Stephen Smalley Cc: Paul Moore Cc: John Johansen Cc: Greg Kroah-Hartman Cc: linux-api@vger.kernel.org Cc: linux-doc@vger.kernel.org --- .../ABI/testing/procfs-attr-lsm_display | 22 +++ Documentation/security/lsm.rst | 14 ++ fs/proc/base.c | 1 + include/linux/lsm_hooks.h | 17 ++ security/apparmor/include/apparmor.h | 3 +- security/apparmor/lsm.c | 32 ++++ security/security.c | 169 ++++++++++++++++-- security/selinux/hooks.c | 11 ++ security/selinux/include/classmap.h | 2 +- security/smack/smack_lsm.c | 7 + 10 files changed, 259 insertions(+), 19 deletions(-) create mode 100644 Documentation/ABI/testing/procfs-attr-lsm_display diff --git a/Documentation/ABI/testing/procfs-attr-lsm_display b/Documentation/ABI/testing/procfs-attr-lsm_display new file mode 100644 index 000000000000..afa7c60a7892 --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-lsm_display @@ -0,0 +1,22 @@ +What: /proc/*/attr/lsm_display +Contact: linux-security-module@vger.kernel.org, +Description: The name of the Linux security module (LSM) that will + provide information in the /proc/*/attr/current, + /proc/*/attr/prev and /proc/*/attr/exec interfaces. + The details of permissions required to read from + this interface are dependent on the LSMs active on the + system. + A process cannot write to this interface unless it + refers to itself. + The other details of permissions required to write to + this interface are dependent on the LSMs active on the + system. + The format of the data used by this interface is a + text string identifying the name of an LSM. The values + accepted are: + selinux - the SELinux LSM + smack - the Smack LSM + apparmor - The AppArmor LSM + By convention the LSM names are lower case and do not + contain special characters. +Users: LSM user-space diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index 6a2a2e973080..b77b4a540391 100644 --- a/Documentation/security/lsm.rst 
+++ b/Documentation/security/lsm.rst @@ -129,3 +129,17 @@ to identify it as the first security module to be registered. The capabilities security module does not use the general security blobs, unlike other modules. The reasons are historical and are based on overhead, complexity and performance concerns. + +LSM External Interfaces +======================= + +The LSM infrastructure does not generally provide external interfaces. +The individual security modules provide what external interfaces they +require. + +The file ``/sys/kernel/security/lsm`` provides a comma +separated list of the active security modules. + +The file ``/proc/pid/attr/interface_lsm`` contains the name of the security +module for which the ``/proc/pid/attr/current`` interface will +apply. This interface can be written to. diff --git a/fs/proc/base.c b/fs/proc/base.c index b362523a9829..214a0503589d 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2808,6 +2808,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "fscreate", 0666), ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), + ATTR(NULL, "interface_lsm", 0666), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index fe9203f15993..e19393b2b8b7 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1660,4 +1660,21 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, extern int lsm_inode_alloc(struct inode *inode); +/** + * lsm_task_ilsm - the "interface_lsm" for this task + * @task: The task to report on + * + * Returns the task's interface LSM slot. + */ +static inline int lsm_task_ilsm(struct task_struct *task) +{ +#ifdef CONFIG_SECURITY + int *ilsm = task->security; + + if (ilsm) + return *ilsm; +#endif + return LSMBLOB_INVALID; +} + #endif /* ! __LINUX_LSM_HOOKS_H */ 
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h index 1fbabdb565a8..b1622fcb4394 100644 --- a/security/apparmor/include/apparmor.h +++ b/security/apparmor/include/apparmor.h @@ -28,8 +28,9 @@ #define AA_CLASS_SIGNAL 10 #define AA_CLASS_NET 14 #define AA_CLASS_LABEL 16 +#define AA_CLASS_DISPLAY_LSM 17 -#define AA_CLASS_LAST AA_CLASS_LABEL +#define AA_CLASS_LAST AA_CLASS_DISPLAY_LSM /* Control parameters settable through module/boot flags */ extern enum audit_mode aa_g_audit; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 432915c1d427..0ef5d0b2dbdb 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -612,6 +612,25 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, return error; } + +static int profile_interface_lsm(struct aa_profile *profile, + struct common_audit_data *sa) +{ + struct aa_perms perms = { }; + unsigned int state; + + state = PROFILE_MEDIATES(profile, AA_CLASS_DISPLAY_LSM); + if (state) { + aa_compute_perms(profile->policy.dfa, state, &perms); + aa_apply_modes_to_perms(profile, &perms); + aad(sa)->label = &profile->label; + + return aa_check_perms(profile, &perms, AA_MAY_WRITE, sa, NULL); + } + + return 0; +} + static int apparmor_setprocattr(const char *name, void *value, size_t size) { @@ -623,6 +642,19 @@ static int apparmor_setprocattr(const char *name, void *value, if (size == 0) return -EINVAL; + /* LSM infrastructure does actual setting of interface_lsm if allowed */ + if (!strcmp(name, "interface_lsm")) { + struct aa_profile *profile; + struct aa_label *label; + + aad(&sa)->info = "set interface lsm"; + label = begin_current_label_crit_section(); + error = fn_for_each_confined(label, profile, + profile_interface_lsm(profile, &sa)); + end_current_label_crit_section(label); + return error; + } + /* AppArmor requires that the buffer must be null terminated atm */ if (args[size - 1] != '\0') { /* null terminate */ 
diff --git a/security/security.c b/security/security.c index 78aeb2ae7010..543d9b707fe5 100644 --- a/security/security.c +++ b/security/security.c @@ -76,7 +76,16 @@ static struct kmem_cache *lsm_file_cache; static struct kmem_cache *lsm_inode_cache; char *lsm_names; -static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init; + +/* + * The task blob includes the "interface_lsm" slot used for + * chosing which module presents contexts. + * Using a long to avoid potential alignment issues with + * module assigned task blobs. + */ +static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init = { + .lbs_task = sizeof(long), +}; /* Boot-time LSM user choice */ static __initdata const char *chosen_lsm_order; @@ -471,8 +480,10 @@ static int lsm_append(const char *new, char **result) /* * Current index to use while initializing the lsmblob secid list. + * Pointers to the LSM id structures for local use. */ static int lsm_slot __lsm_ro_after_init; +static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES]; /** * security_add_hooks - Add a modules hooks to the hook lists. @@ -492,6 +503,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, if (lsmid->slot == LSMBLOB_NEEDED) { if (lsm_slot >= LSMBLOB_ENTRIES) panic("%s Too many LSMs registered.\n", __func__); + lsm_slotlist[lsm_slot] = lsmid; lsmid->slot = lsm_slot++; init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, lsmid->slot); @@ -621,6 +633,8 @@ int lsm_inode_alloc(struct inode *inode) */ static int lsm_task_alloc(struct task_struct *task) { + int *ilsm; + if (blob_sizes.lbs_task == 0) { task->security = NULL; return 0; 
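Review bot: typo in the new comment above `blob_sizes` in security/security.c: "chosing" should be "choosing". The comment should also say what the reserved `sizeof(long)` bytes actually hold: `lsm_task_alloc()` and `lsm_task_ilsm()` treat the start of the blob as an `int`, and module-assigned task blobs are placed after the existing `lbs_task` value, so the `long` is padding for alignment only; spelling that out saves the next reader from checking whether a `long` is ever stored there. In the `security_add_hooks()` hunk, `lsm_slotlist[]` is filled only for modules that ask for a slot (`LSMBLOB_NEEDED`), which is exactly what `security_getprocattr()` and `security_setprocattr()` index by, so that part is consistent.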
@@ -629,6 +643,15 @@ static int lsm_task_alloc(struct task_struct *task) task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); if (task->security == NULL) return -ENOMEM; + + /* + * The start of the task blob contains the "interface" LSM slot number. + * Start with it set to the invalid slot number, indicating that the + * default first registered LSM be displayed. + */ + ilsm = task->security; + *ilsm = LSMBLOB_INVALID; + return 0; } @@ -1629,14 +1652,26 @@ int security_file_open(struct file *file) int security_task_alloc(struct task_struct *task, unsigned long clone_flags) { + int *oilsm = current->security; + int *nilsm; int rc = lsm_task_alloc(task); - if (rc) + if (unlikely(rc)) return rc; + rc = call_int_hook(task_alloc, 0, task, clone_flags); - if (unlikely(rc)) + if (unlikely(rc)) { security_task_free(task); - return rc; + return rc; + } + + if (oilsm) { + nilsm = task->security; + if (nilsm) + *nilsm = *oilsm; + } + + return 0; } void security_task_free(struct task_struct *task) 
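Review bot: in the `security_task_alloc()` hunk the `if (oilsm)` and `if (nilsm)` guards look redundant: `.lbs_task = sizeof(long)` means `lsm_task_alloc()` always allocates a task blob (or fails with -ENOMEM, which is handled just above), so neither pointer should be NULL here unless a task can reach this point without having been through `lsm_task_alloc()`. Either drop the guards or comment which case they cover. In the `lsm_task_alloc()` hunk just above, the new comment still speaks of the LSM that will be "displayed"; since the attribute was renamed to interface_lsm, "presents contexts" (the wording of the `blob_sizes` comment) would be consistent.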
@@ -2054,23 +2089,110 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * lsm_slot will be 0 if there are no displaying modules. + */ + if (lsm_slot == 0) + return -EINVAL; + + /* + * Only allow getting the current process' interface_lsm. + * There are too few reasons to get another process' + * interface_lsm and too many LSM policy issues. + */ + if (current != p) + return -EINVAL; + + ilsm = lsm_task_ilsm(p); + if (ilsm != LSMBLOB_INVALID) + slot = ilsm; + *value = kstrdup(lsm_slotlist[slot]->lsm, GFP_KERNEL); + if (*value) + return strlen(*value); + return -ENOMEM; + } hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && ilsm != LSMBLOB_INVALID && + ilsm != hp->lsmid->slot) + continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } +/** + * security_setprocattr - Set process attributes via /proc + * @lsm: name of module involved, or NULL + * @name: name of the attribute + * @value: value to set the attribute to + * @size: size of the value + * + * Set the process attribute for the specified security module + * to the specified value. Note that this can only be used to set + * the process attributes for the current, or "self" process. + * The /proc code has already done this check. + * + * Returns 0 on success, an appropriate code otherwise. + */ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size) { struct security_hook_list *hp; + char *termed; + char *copy; + int *ilsm = current->security; + int rc = -EINVAL; + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * Change the "interface_lsm" value only if all the security + * modules that support setting a procattr allow it. 
+ * It is assumed that all such security modules will be + * cooperative. + */ + if (size == 0) + return -EINVAL; + + hlist_for_each_entry(hp, &security_hook_heads.setprocattr, + list) { + rc = hp->hook.setprocattr(name, value, size); + if (rc < 0) + return rc; + } + + rc = -EINVAL; + + copy = kmemdup_nul(value, size, GFP_KERNEL); + if (copy == NULL) + return -ENOMEM; + + termed = strsep(©, " \n"); + + for (slot = 0; slot < lsm_slot; slot++) + if (!strcmp(termed, lsm_slotlist[slot]->lsm)) { + *ilsm = lsm_slotlist[slot]->slot; + rc = size; + break; + } + + kfree(termed); + return rc; + } hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && *ilsm != LSMBLOB_INVALID && + *ilsm != hp->lsmid->slot) + continue; return hp->hook.setprocattr(name, value, size); } return LSM_RET_DEFAULT(setprocattr); @@ -2090,15 +2212,15 @@ EXPORT_SYMBOL(security_ismaclabel); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], - secdata, seclen); - if (rc != LSM_RET_DEFAULT(secid_to_secctx)) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secid_to_secctx( + blob->secid[hp->lsmid->slot], + secdata, seclen); } return LSM_RET_DEFAULT(secid_to_secctx); 
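Review bot: in the `security_setprocattr()` hunk, `int *ilsm = current->security` is dereferenced as `*ilsm` on both the "interface_lsm" path and the generic path without the NULL check that `lsm_task_ilsm()` performs for readers; this is safe while the blob is always allocated, but either use the helper for the read or add a comment saying why the raw pointer is fine. The loop that calls every module's `setprocattr` hook with "interface_lsm" turns "unknown attribute name returns -EINVAL" into a veto: any module that registers `setprocattr` and does not recognise the name breaks the write for everyone. That contract ("all such security modules will be cooperative") currently exists only in this comment and belongs in the `setprocattr` hook documentation in lsm_hooks.h. A one-line comment that `kfree(termed)` is correct because `strsep()` returns the start of `copy` would also help reviewers (the archive rendering shows `strsep(©, " \n")`; that is `&copy` eaten by HTML entity decoding, not a defect in the patch). In `security_getprocattr()`, `ilsm = lsm_task_ilsm(p)` re-reads what was already computed from `current` at the top of the function, and the `current != p` check just above makes the two equal, so one of the reads can go.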
@@ -2109,16 +2231,15 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); lsmblob_init(blob, 0); hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secctx_to_secid(secdata, seclen, - &blob->secid[hp->lsmid->slot]); - if (rc != 0) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); } return 0; } @@ -2126,7 +2247,14 @@ EXPORT_SYMBOL(security_secctx_to_secid); void security_release_secctx(char *secdata, u32 seclen) { - call_void_hook(release_secctx, secdata, seclen); + struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + + hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + hp->hook.release_secctx(secdata, seclen); + return; + } } EXPORT_SYMBOL(security_release_secctx); @@ -2267,8 +2395,15 @@ EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, int __user *optlen, unsigned len) { - return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, - optval, optlen, len); + int ilsm = lsm_task_ilsm(current); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, + list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.socket_getpeersec_stream(sock, optval, + optlen, len); + return -ENOPROTOOPT; } int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 52a50d7ca534..a37afbb159ab 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -6334,6 +6334,17 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) /* * Basic control over ability to set these attributes at all. */ + + /* + * For setting interface_lsm, we only perform a permission check; + * the actual update to the interface_lsm value is handled by the + * LSM framework. + */ + if (!strcmp(name, "interface_lsm")) + return avc_has_perm(&selinux_state, + mysid, mysid, SECCLASS_PROCESS2, + PROCESS2__SETDISPLAY, NULL); + if (!strcmp(name, "exec")) error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index 40cebde62856..1858aa47b32a 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -53,7 +53,7 @@ struct security_class_mapping secclass_map[] = { "execmem", "execstack", "execheap", "setkeycreate", "setsockcreate", "getrlimit", NULL } }, { "process2", - { "nnp_transition", "nosuid_transition", NULL } }, + { "nnp_transition", "nosuid_transition", "setdisplay", NULL } }, { "system", { "ipc_info", "syslog_read", "syslog_mod", "syslog_console", "module_request", "module_load", NULL } }, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index f96be93d1a75..3f96a7aaed6b 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -3509,6 +3509,13 @@ static int smack_setprocattr(const char *name, void *value, size_t size) struct smack_known_list_elem *sklep; int rc; + /* + * Allow the /proc/.../attr/current and SO_PEERSEC "interface_lsm" + * to be reset at will. + */ + if (strcmp(name, "interface_lsm") == 0) + return 0; + if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) return -EPERM;

From patchwork Fri Nov 20 20:14:57 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11922177
X-Patchwork-Delegate: paul@paul-moore.com
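Review bot: `security_release_secctx()` in the security/security.c hunk chooses the releasing module from the current task's interface_lsm at release time, but the string being released was produced by whichever module answered `security_secid_to_secctx()` earlier. If the task writes `interface_lsm` in between, or the release runs in a different task than the allocation (the audit and netfilter callers converted in the next patch of this series), the string is handed to the wrong module's hook: a leak if SELinux allocated it and Smack (whose contexts are list entries, per the 13/23 commit message) is asked to release it, and a bogus free in the other direction. The follow-up "LSM: Ensure the correct LSM context releaser" introduces `struct lsmcontext` with a slot for exactly this reason, so the commit message here should say that this patch is only complete together with it. Two behaviour changes in the same file deserve a sentence as well: `security_secid_to_secctx()` no longer falls through to the next module when the first one returns its default, and `security_secctx_to_secid()` no longer lets every module fill its own slot of the blob; with `ilsm == LSMBLOB_INVALID` the first registered module alone answers. In the SELinux hunk the permission is `setdisplay` while the attribute is `interface_lsm` (the same naming drift as AppArmor's `AA_CLASS_DISPLAY_LSM`). The Smack hunk's unconditional `return 0` is fine; its comment is the only place in this patch that spells out that SO_PEERSEC is affected, which the lsm.rst text should also say.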
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH v23 13/23] LSM: Ensure the correct LSM context releaser
Date: Fri, 20 Nov 2020 12:14:57 -0800
Message-Id: <20201120201507.11993-14-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 08737a07f997..05266b064c38 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2838,6 +2838,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -3140,7 +3141,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; 
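Review bot: every converted caller in this patch passes `0` as the slot to `lsmcontext_init()` (the binder hunk here, and the same `/* scaffolding */` pattern in the ceph, nfs, nfsd, scm, audit, netfilter and netlabel files listed in the diffstat), so the `slot` field carries no information that the old `(secdata, seclen)` pair lacked, and `security_release_secctx()` still cannot tell which module allocated the string, which is the problem the commit message describes. That is a fair transitional step, but the commit message should say so explicitly and name where the real slot will come from, presumably `security_secid_to_secctx()` filling in the `lsmcontext` it returns.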
@@ -3473,8 +3475,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 197cb1234341..5dfd08357dc3 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1273,12 +1273,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 9e0ca9b2b210..4b03a3e596e9 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -139,8 +139,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 833a2c64dfe8..4ae7e156ea87 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -2717,6 +2717,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3228,8 +3229,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index dacd64d2d141..4ed7a0790cc5 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -132,6 +132,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
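Review bot: in the include/linux/security.h hunk, slot `0` is a real module slot (the first registered LSM), so the scaffolding value the callers pass cannot be distinguished from "the module in slot 0", and nothing in the struct comment says which value means "unknown". Suggest `LSMBLOB_INVALID` as the placeholder, since the previous patch's `security_release_secctx()` already treats `LSMBLOB_INVALID` as "use the first matching module", and document that on the `slot` member. Kernel-doc for the struct itself (`/** ... @context: ... @len: ... @slot: ...`) would match the style used for `lsmcontext_init()` directly below. The struct sits next to `lockdown_reasons`, outside the `CONFIG_SECURITY` block, which the `CONFIG_SECURITY=n` stub of `security_release_secctx()` in the next hunk needs in order to build; good.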
@@ -531,7 +562,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1366,7 +1397,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 1f987ac23e90..8867df3de920 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2129,6 +2133,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2142,7 +2147,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b15222181700..2b06171bedeb 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -998,6 +998,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1015,7 +1016,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1228,6 +1230,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1261,7 +1264,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1407,6 +1411,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1415,7 +1420,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 2f089733ada7..a7e4c1b34b6c 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
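Review bot: in the kernel/auditsc.c hunks, `struct lsmcontext lsmcxt` is declared at the top of `audit_log_pid_context()`, `show_special()` and `audit_log_name()` although it is only used inside the `else` branch that logs the context; declaring it in that block keeps the scaffolding local, so removing it later touches a single block per function instead of two places.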
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 8627ec7e13fb..5d2784461798 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -334,6 +334,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -354,7 +355,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 54da1a3e8cb1..e2bdc851a477 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index a6dbef71fc32..dcc31cb7f287 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -398,6 +398,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -628,8 +629,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -637,8 +640,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index cabec85136e1..5b83967e3f27 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
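Review bot: the scaffolding variable is named `scaff` in binder, ceph, nfs, nfsd, kernel/audit.c and nfnetlink_queue, `context` in scm.h, ip_sockglue.c, the nf_conntrack files and netlabel, and `lsmcxt` in auditsc.c, and the marker comment alternates between `/* scaffolding */`, `/*scaffolding*/` and a separate comment line above the `lsmcontext_init()` call. Since the commit message says these call sites are temporary, one variable name and one greppable comment string would make the later removal a mechanical job.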
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 543d9b707fe5..352c9eb98425 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2245,16 +2245,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
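Review bot: security_release_secctx() has no early-out for a zeroed lsmcontext: a caller that passes a struct with `context == NULL` and `slot == 0` (which is exactly what the new `memset(cp, 0, sizeof(*cp))` leaves behind, and what an untouched `struct lsmcontext context = { }` looks like) still matches whichever hook occupies slot 0 and invokes its release_secctx() with a NULL pointer. Suggest `if (!cp->context) return;` ahead of the walk; that would also let callers release unconditionally instead of re-checking lsmblob_is_set() around every release. Separately, `break` followed by the memset silently discards a context whose slot matches no registered hook (the old return-in-loop version fell through silently too), so a WARN_ON_ONCE() on the no-match path would make a leaked secctx buffer visible.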
From patchwork Fri Nov 20 20:14:58 2020
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 11922299
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: [PATCH v23 14/23] LSM: Use lsmcontext in security_secid_to_secctx
Date: Fri, 20 Nov 2020 12:14:58 -0800
Message-Id: <20201120201507.11993-15-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Replace the (secctx,seclen) pointer pair with a single lsmcontext pointer to allow return of the LSM identifier along with the context and context length. This allows security_release_secctx() to know how to release the context. Callers have been modified to use or save the returned data from the new structure.

Reviewed-by: Kees Cook
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
---
 drivers/android/binder.c                | 26 +++++++---------
 include/linux/security.h                |  4 +--
 include/net/scm.h                       |  9 ++----
 kernel/audit.c                          | 39 +++++++++++-------------
 kernel/auditsc.c                        | 31 +++++++------------
 net/ipv4/ip_sockglue.c                  |  8 ++---
 net/netfilter/nf_conntrack_netlink.c    | 18 +++++------
 net/netfilter/nf_conntrack_standalone.c |  7 ++---
 net/netfilter/nfnetlink_queue.c         |  5 +++-
 net/netlabel/netlabel_unlabeled.c       | 40 ++++++++-----------------
 net/netlabel/netlabel_user.c            |  7 ++---
 security/security.c                     | 10 +++++--
 12 files changed, 81 insertions(+), 123 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 05266b064c38..a75ffcd0270a 100644
--- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2836,9 +2836,7 @@ static void binder_transaction(struct binder_proc *proc, binder_size_t last_fixup_min_off = 0; struct binder_context *context = proc->context; int t_debug_id = atomic_inc_return(&binder_last_id); - char *secctx = NULL; - u32 secctx_sz = 0; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext lsmctx = { }; e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -3092,14 +3090,14 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_task_getsecid(proc->tsk, &blob); - ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); + ret = security_secid_to_secctx(&blob, &lsmctx); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; return_error_line = __LINE__; goto err_get_secctx_failed; } - added_size = ALIGN(secctx_sz, sizeof(u64)); + added_size = ALIGN(lsmctx.len, sizeof(u64)); extra_buffers_size += added_size; if (extra_buffers_size < added_size) { /* integer overflow of extra_buffers_size */ @@ -3126,24 +3124,22 @@ static void binder_transaction(struct binder_proc *proc, t->buffer = NULL; goto err_binder_alloc_buf_failed; } - if (secctx) { + if (lsmctx.context) { int err; size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) + ALIGN(tr->offsets_size, sizeof(void *)) + ALIGN(extra_buffers_size, sizeof(void *)) - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; err = binder_alloc_copy_to_buffer(&target_proc->alloc, t->buffer, buf_offset, - secctx, secctx_sz); + lsmctx.context, lsmctx.len); if (err) { t->security_ctx = 0; WARN_ON(1); } - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - secctx = NULL; + security_release_secctx(&lsmctx); } t->buffer->debug_id = t->debug_id; t->buffer->transaction = t; 
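Review bot: dropping `secctx = NULL;` after the success-path release in binder_transaction() is correct only because security_release_secctx() now ends with `memset(cp, 0, sizeof(*cp))`, which is what stops the later `if (lsmctx.context)` under err_binder_alloc_buf_failed/err_bad_extra_size from releasing the same buffer twice; that invariant lives in security/security.c, so a one-line comment at the release site (e.g. `/* security_release_secctx() zeroes lsmctx */`) would spare the next reader the cross-file hunt. The `struct lsmcontext lsmctx = { };` initialiser is likewise load-bearing for any path that reaches those labels before security_secid_to_secctx() has filled the struct, so keep it even though security_secid_to_secctx() also memsets `*cp` on entry.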
@@ -3199,7 +3195,7 @@ static void binder_transaction(struct binder_proc *proc, off_end_offset = off_start_offset + tr->offsets_size; sg_buf_offset = ALIGN(off_end_offset, sizeof(void *)); sg_buf_end_offset = sg_buf_offset + extra_buffers_size - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); off_min = 0; for (buffer_offset = off_start_offset; buffer_offset < off_end_offset; buffer_offset += sizeof(binder_size_t)) { @@ -3475,10 +3471,8 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) { - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - } + if (lsmctx.context) + security_release_secctx(&lsmctx); err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/include/linux/security.h b/include/linux/security.h index 4ed7a0790cc5..c86c9870b352 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -559,7 +559,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1385,7 +1385,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - char **secdata, u32 *seclen) + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index f273c4d777ec..b77a52f93389 100644 --- a/include/net/scm.h +++ b/include/net/scm.h 
@@ -94,8 +94,6 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { @@ -103,12 +101,11 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (!err) { - put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - /*scaffolding*/ - lsmcontext_init(&context, secdata, seclen, 0); + put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, + context.context); security_release_secctx(&context); } } diff --git a/kernel/audit.c b/kernel/audit.c index 8867df3de920..4e219d1c1781 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1190,9 +1190,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_buffer *ab; u16 msg_type = nlh->nlmsg_type; struct audit_sig_info *sig_data; - char *ctx = NULL; - u32 len; - struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1440,33 +1437,34 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) kfree(new); break; } - case AUDIT_SIGNAL_INFO: - len = 0; + case AUDIT_SIGNAL_INFO: { + struct lsmcontext context = { }; + int len = 0; + if (lsmblob_is_set(&audit_sig_lsm)) { - err = security_secid_to_secctx(&audit_sig_lsm, &ctx, - &len); + err = security_secid_to_secctx(&audit_sig_lsm, + &context); if (err) return err; } - sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); + sig_data = kmalloc(sizeof(*sig_data) + context.len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) { - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); - } + if (lsmblob_is_set(&audit_sig_lsm)) + security_release_secctx(&context); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { - memcpy(sig_data->ctx, ctx, len); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + len = context.len; + memcpy(sig_data->ctx, context.context, len); + security_release_secctx(&context); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); kfree(sig_data); break; + } case AUDIT_TTY_GET: { struct audit_tty_status s; unsigned int t; 
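Review bot: `int len = 0;` in the new AUDIT_SIGNAL_INFO block changes the type from the removed `u32 len;`, yet `len = context.len;` copies from the u32 field that security_secid_to_secctx() fills through its `u32 *seclen` hook argument and `sizeof(*sig_data) + len` feeds a size_t; keep it `u32 len = 0;`, or drop `len` and use `context.len` in both the kmalloc() and audit_send_reply() calls, so the width matches. The kmalloc()-failure path still gates the release on lsmblob_is_set(&audit_sig_lsm); with `context = { }` that guard is required as long as security_release_secctx() does not bail out on a NULL context, so it deserves a short comment explaining why it cannot simply be dropped.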
@@ -2129,26 +2127,23 @@ void audit_log_key(struct audit_buffer *ab, char *key) int audit_log_task_context(struct audit_buffer *ab) { - char *ctx = NULL; - unsigned len; int error; struct lsmblob blob; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext context; security_task_getsecid(current, &blob); if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &ctx, &len); + error = security_secid_to_secctx(&blob, &context); if (error) { if (error != -EINVAL) goto error_path; return 0; } - audit_log_format(ab, " subj=%s", ctx); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + audit_log_format(ab, " subj=%s", context.context); + security_release_secctx(&context); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 2b06171bedeb..4af5861bcb9a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -998,9 +998,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmcxt; - char *ctx = NULL; - u32 len; + struct lsmcontext lsmctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1011,13 +1009,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &ctx, &len)) { + if (security_secid_to_secctx(blob, &lsmctx)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } audit_log_format(ab, " ocomm="); 
@@ -1230,7 +1227,6 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { - struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1254,17 +1250,15 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (osid) { - char *ctx = NULL; - u32 len; + struct lsmcontext lsmcxt; struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmcxt)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); + audit_log_format(ab, " obj=%s", lsmcxt.context); security_release_secctx(&lsmcxt); } } @@ -1408,20 +1402,17 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, MAJOR(n->rdev), MINOR(n->rdev)); if (n->osid != 0) { - char *ctx = NULL; - u32 len; struct lsmblob blob; - struct lsmcontext lsmcxt; + struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmctx)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index a7e4c1b34b6c..ae073b642fa7 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -132,8 +132,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen, secid; + u32 secid; int err; err = security_socket_getpeersec_dgram(NULL, skb, &secid); 
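Review bot: the variable naming in kernel/auditsc.c ends up split for the same thing: show_special() keeps `lsmcxt` while audit_log_pid_context() and audit_log_name() rename theirs to `lsmctx` (the old `lsmcxt` declaration is removed from audit_log_name() and re-added as `lsmctx`). Since this patch touches all three sites, use one spelling throughout. Narrowing `lsmcxt` from show_special()'s function scope into the `if (osid)` block is a good change and should stay.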
@@ -141,12 +140,11 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (err) return; - put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + put_cmsg(msg, SOL_IP, SCM_SECURITY, context.len, context.context); security_release_secctx(&context); } diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 5d2784461798..e6fdcd87ab3e 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -331,8 +331,7 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct) static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) { struct nlattr *nest_secctx; - int len, ret; - char *secctx; + int ret; struct lsmblob blob; struct lsmcontext context; @@ -340,7 +339,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return 0; @@ -349,13 +348,12 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) if (!nest_secctx) goto nla_put_failure; - if (nla_put_string(skb, CTA_SECCTX_NAME, secctx)) + if (nla_put_string(skb, CTA_SECCTX_NAME, context.context)) goto nla_put_failure; nla_nest_end(skb, nest_secctx); ret = 0; nla_put_failure: - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); return ret; } 
@@ -655,15 +653,15 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) #ifdef CONFIG_NF_CONNTRACK_SECMARK int len, ret; struct lsmblob blob; + struct lsmcontext context; - /* lsmblob_init() puts ct->secmark into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, NULL, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return 0; + len = context.len; + security_release_secctx(&context); + return nla_total_size(0) /* CTA_SECCTX */ + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */ #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index e2bdc851a477..c6112960fc73 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -173,19 +173,16 @@ static void ct_seq_stop(struct seq_file *s, void *v) static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) { int ret; - u32 len; - char *secctx; struct lsmblob blob; struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return; - seq_printf(s, "secctx=%s ", secctx); + seq_printf(s, "secctx=%s ", context.context); - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); } #else diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index dcc31cb7f287..84be5a49a157 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -306,6 +306,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; + struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) return 0; 
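Review bot: ctnetlink_secctx_size() now hands an uninitialised `blob` to security_secid_to_secctx(): the hunk removes `lsmblob_init(&blob, ct->secmark);` together with its comment and never adds it back, so `blob->secid[hp->lsmid->slot]` is read from whatever is on the stack. Only the old `security_secid_to_secctx(&blob, NULL, &len)` length probe should go; keep `lsmblob_init(&blob, ct->secmark);` (and the three-line comment, which still describes what happens) immediately before `ret = security_secid_to_secctx(&blob, &context);`. Note also that the size probe now allocates a real context and releases it straight away where the old code asked for the length only, so the allocation cost is paid on every call.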
@@ -317,10 +318,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, secdata, &seclen); + security_secid_to_secctx(&blob, &context); + *secdata = context.context; } read_unlock_bh(&skb->sk->sk_callback_lock); + seclen = context.len; #endif return seclen; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 5b83967e3f27..c423c7cdd095 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -375,8 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - char *secctx = NULL; - u32 secctx_len; struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && @@ -444,12 +442,9 @@ int netlbl_unlhsh_add(struct net *net, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, - &secctx, - &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + if (security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); @@ -482,8 +477,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); 
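Review bot: nfqnl_get_sk_secctx() copies only `context.context` and `context.len` out to its caller and drops `context.slot`, so the release in nfqnl_build_packet_message() (still `lsmcontext_init(&scaff, secdata, seclen, 0)` from the previous patch) frees through slot 0 rather than through the module security_secid_to_secctx() recorded; give the function a `struct lsmcontext *` out-parameter so the caller releases the very struct it was handed, which also retires the last `scaff` in net/netfilter. The return value of security_secid_to_secctx() remains ignored here; with `context = { }` a failure yields a NULL/0 pair, which is safe, but a comment saying so would help.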
@@ -510,11 +503,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -553,8 +544,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); @@ -580,10 +569,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -1106,8 +1094,6 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct lsmcontext context; void *data; u32 secid; - char *secctx; - u32 secctx_len; struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, 
@@ -1167,15 +1153,13 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); + ret_val = security_secid_to_secctx(&blob, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, NLBL_UNLABEL_A_SECCTX, - secctx_len, - secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + context.len, + context.context); security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index ef139d8ae7cd..951ba0639d20 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -85,8 +85,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, { struct audit_buffer *audit_buf; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; if (audit_enabled == AUDIT_OFF) @@ -102,9 +100,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " subj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/security/security.c b/security/security.c index 352c9eb98425..ab5d2c9770f1 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2209,18 +2209,22 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) { struct security_hook_list *hp; int ilsm = lsm_task_ilsm(current); + memset(cp, 0, sizeof(*cp)); + hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + cp->slot = hp->lsmid->slot; return hp->hook.secid_to_secctx( blob->secid[hp->lsmid->slot], - secdata, seclen); + &cp->context, &cp->len); + } } return LSM_RET_DEFAULT(secid_to_secctx);
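Review bot: security_secid_to_secctx() zeroes `*cp` before the hook walk, but the `!CONFIG_SECURITY` stub in include/linux/security.h in this same patch returns -EOPNOTSUPP without touching `*cp`, so callers that look at `cp->context` after a failed call (binder_transaction()'s error labels, for instance) depend on their own `= { }` initialiser in that configuration. Either add `memset(cp, 0, sizeof(*cp));` to the stub or state in the prototype's comment that `*cp` is undefined when the call fails. Also, `cp->slot` is assigned before the hook runs, so on a hook failure the struct can carry a valid slot next to a NULL context; clearing it on the error return would make the "all-zero means nothing to release" rule hold everywhere.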
From patchwork Fri Nov 20 20:14:59 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922301 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH v23 15/23] LSM: Use lsmcontext in security_inode_getsecctx Date: Fri, 20 Nov 2020 12:14:59 -0800 Message-Id: <20201120201507.11993-16-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_inode_getsecctx() interface to fill a lsmcontext structure instead of data and length pointers. This provides the information about which LSM created the context so that security_release_secctx() can use the correct hook. Acked-by: Stephen Smalley Acked-by: Paul Moore Reviewed-by: John Johansen Signed-off-by: Casey Schaufler Cc: linux-nfs@vger.kernel.org --- fs/nfsd/nfs4xdr.c | 23 +++++++++-------------- include/linux/security.h | 5 +++-- security/security.c | 13 +++++++++++-- 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 4ae7e156ea87..3092568d5ed3 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2600,11 +2600,11 @@ nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types) #ifdef CONFIG_NFSD_V4_SECURITY_LABEL static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { __be32 *p; - p = xdr_reserve_space(xdr, len + 4 + 4 + 4); + p = xdr_reserve_space(xdr, context->len + 4 + 4 + 4); if (!p) return nfserr_resource; 
@@ -2614,13 +2614,13 @@ nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, */ *p++ = cpu_to_be32(0); /* lfs */ *p++ = cpu_to_be32(0); /* pi */ - p = xdr_encode_opaque(p, context, len); + p = xdr_encode_opaque(p, context->context, context->len); return 0; } #else static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { return 0; } #endif @@ -2717,9 +2717,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - struct lsmcontext scaff; /* scaffolding */ - void *context = NULL; - int contextlen; + struct lsmcontext context = { }; #endif bool contextsupport = false; struct nfsd4_compoundres *resp = rqstp->rq_resp; @@ -2777,7 +2775,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) { if (exp->ex_flags & NFSEXP_SECURITY_LABEL) err = security_inode_getsecctx(d_inode(dentry), - &context, &contextlen); + &context); else err = -EOPNOTSUPP; contextsupport = (err == 0); @@ -3207,8 +3205,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, #ifdef CONFIG_NFSD_V4_SECURITY_LABEL if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) { - status = nfsd4_encode_security_label(xdr, rqstp, context, - contextlen); + status = nfsd4_encode_security_label(xdr, rqstp, &context); if (status) goto out; } @@ -3229,10 +3226,8 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) { - lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ - security_release_secctx(&scaff); - } + if (context.context) + security_release_secctx(&context); #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index c86c9870b352..20486380c176 100644 --- a/include/linux/security.h 
+++ b/include/linux/security.h @@ -566,7 +566,7 @@ void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp); int security_locked_down(enum lockdown_reason what); #else /* CONFIG_SECURITY */ @@ -1413,7 +1413,8 @@ static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 { return -EOPNOTSUPP; } -static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +static inline int security_inode_getsecctx(struct inode *inode, + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/security/security.c b/security/security.c index ab5d2c9770f1..31c983a252b9 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2281,9 +2281,18 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) } EXPORT_SYMBOL(security_inode_setsecctx); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp) { - return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); + struct security_hook_list *hp; + + memset(cp, 0, sizeof(*cp)); + + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) { + cp->slot = hp->lsmid->slot; + return hp->hook.inode_getsecctx(inode, (void **)&cp->context, + &cp->len); + } + return -EOPNOTSUPP; } EXPORT_SYMBOL(security_inode_getsecctx);
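Review bot: in the security_inode_getsecctx() hunk in security/security.c, the hlist_for_each_entry() loop returns on the first registered inode_getsecctx hook unconditionally, so unlike security_secid_to_secctx() in the previous patch it never consults lsm_task_ilsm(current); with two LSMs that both provide the hook the caller always receives the first one's label, whatever interface LSM the task selected. If that is intended (the only caller changed here, nfsd4_encode_fattr(), is labelling an inode rather than a task), a comment above the loop should say so; otherwise add the same `ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot` filter. The `(void **)&cp->context` cast also deserves a one-line comment, since cp->context is a char * and the hook writes through a void **.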
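Review bot: in the nfsd4_encode_fattr() cleanup hunk in fs/nfsd/nfs4xdr.c, the release is gated on `if (context.context)` while the netfilter patch that follows gates the same call on `context.len`; pick one idiom for the series so a reader does not have to ask whether a zero-length context with a non-NULL pointer can exist. It is also worth a sentence in the commit message that the !CONFIG_SECURITY stub in include/linux/security.h returns -EOPNOTSUPP without touching *cp, which is why the `struct lsmcontext context = { };` initialiser at the declaration is load-bearing rather than cosmetic.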
From patchwork Fri Nov 20 20:15:00 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922303 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Pablo Neira Ayuso , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v23 16/23] LSM: security_secid_to_secctx in netlink netfilter Date: Fri, 20 Nov 2020 12:15:00 -0800 Message-Id: <20201120201507.11993-17-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Pablo Neira Ayuso Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org --- net/netfilter/nfnetlink_queue.c | 37 +++++++++++++-------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 84be5a49a157..0d8b83d84422 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -301,15 +301,13 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk) return -1; } -static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) +static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) { - u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; - struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) - return 0; + return; read_lock_bh(&skb->sk->sk_callback_lock); 
@@ -318,14 +316,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, &context); - *secdata = context.context; + security_secid_to_secctx(&blob, context); } read_unlock_bh(&skb->sk->sk_callback_lock); - seclen = context.len; #endif - return seclen; + return; } static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry) @@ -398,12 +394,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, struct net_device *indev; struct net_device *outdev; struct nf_conn *ct = NULL; + struct lsmcontext context = { }; enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; - struct lsmcontext scaff; /* scaffolding */ - char *secdata = NULL; - u32 seclen = 0; size = nlmsg_total_size(sizeof(struct nfgenmsg)) + nla_total_size(sizeof(struct nfqnl_msg_packet_hdr)) @@ -469,9 +463,9 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) { - seclen = nfqnl_get_sk_secctx(entskb, &secdata); - if (seclen) - size += nla_total_size(seclen); + nfqnl_get_sk_secctx(entskb, &context); + if (context.len) + size += nla_total_size(context.len); } skb = alloc_skb(size, GFP_ATOMIC); @@ -604,7 +598,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, nfqnl_put_sk_uidgid(skb, entskb->sk) < 0) goto nla_put_failure; - if (seclen && nla_put(skb, NFQA_SECCTX, seclen, secdata)) + if (context.len && + nla_put(skb, NFQA_SECCTX, context.len, context.context)) goto nla_put_failure; if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0) 
@@ -632,10 +627,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return skb; nla_put_failure: 
@@ -643,10 +636,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return NULL; }
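Review bot: in the nfqnl_get_sk_secctx() hunk, the `return;` left after `#endif` is redundant now that the function is void and can be dropped. More importantly, the return value of security_secid_to_secctx(&blob, context) is still discarded; that is correct only because security_secid_to_secctx() zeroes *context before trying the hook and the caller tests context.len, so a short comment saying the len check covers the failure case would save the next reader a trip to security/security.c. Under !CONFIG_NETWORK_SECMARK the function never touches *context at all and the caller relies on its own `struct lsmcontext context = { };`, which is worth stating in the function's comment as an output-only, caller-initialised parameter.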
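Review bot: the two `if (context.len) security_release_secctx(&context);` blocks in nfqnl_build_packet_message(), one on the success path after `nlh->nlmsg_len = skb->len;` and one at the nlmsg_failure label, are identical and must stay in sync; the scaffolding version had the same duplication, but now that the release is a single call a comment on the success-path copy pointing at the failure-path copy (or vice versa) would make that coupling visible. Gating on context.len here while nfsd gates on context.context in the previous patch should be reconciled to one idiom.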
From patchwork Fri Nov 20 20:15:01 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922305 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v23 17/23] NET: Store LSM netlabel data in a lsmblob Date: Fri, 20 Nov 2020 12:15:01 -0800 Message-Id: <20201120201507.11993-18-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Netlabel uses LSM interfaces requiring an lsmblob and the internal storage is used to pass information between these interfaces, so change the internal data from a secid to a lsmblob. Update the netlabel interfaces and their callers to accommodate the change. This requires that the modules using netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4/cipso_ipv4.c | 26 ++++++---- net/netlabel/netlabel_kapi.c | 6 +-- net/netlabel/netlabel_unlabeled.c | 79 +++++++++-------------------- net/netlabel/netlabel_unlabeled.h | 2 +- security/selinux/hooks.c | 2 +- security/selinux/include/security.h | 1 + security/selinux/netlabel.c | 2 +- security/selinux/ss/services.c | 4 +- security/smack/smack.h | 1 + security/smack/smack_access.c | 2 +- security/smack/smack_lsm.c | 11 ++-- security/smack/smackfs.c | 10 ++-- 13 files changed, 68 insertions(+), 86 deletions(-) diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 43ae50337685..73fc25b4042b 100644 --- a/include/net/netlabel.h 
+++ b/include/net/netlabel.h @@ -166,7 +166,7 @@ struct netlbl_lsm_catmap { * @attr.mls: MLS sensitivity label * @attr.mls.cat: MLS category bitmap * @attr.mls.lvl: MLS sensitivity level - * @attr.secid: LSM specific secid token + * @attr.lsmblob: LSM specific data * * Description: * This structure is used to pass security attributes between NetLabel and the @@ -201,7 +201,7 @@ struct netlbl_lsm_secattr { struct netlbl_lsm_catmap *cat; u32 lvl; } mls; - u32 secid; + struct lsmblob lsmblob; } attr; }; @@ -415,7 +415,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_cfg_unlbl_static_del(struct net *net, const char *dev_name, @@ -523,7 +523,7 @@ static inline int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { return -ENOSYS; diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 471d33a0d095..1ac343d02b58 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c 
@@ -106,15 +106,17 @@ int cipso_v4_rbm_strictvalid = 1; /* Base length of the local tag (non-standard tag). * Tag definition (may change between kernel versions) * - * 0 8 16 24 32 - * +----------+----------+----------+----------+ - * | 10000000 | 00000110 | 32-bit secid value | - * +----------+----------+----------+----------+ - * | in (host byte order)| - * +----------+----------+ - * + * 0 8 16 16 + sizeof(struct lsmblob) + * +----------+----------+---------------------+ + * | 10000000 | 00000110 | LSM blob data | + * +----------+----------+---------------------+ + * + * All secid and flag fields are in host byte order. + * The lsmblob structure size varies depending on which + * Linux security modules are built in the kernel. + * The data is opaque. */ -#define CIPSO_V4_TAG_LOC_BLEN 6 +#define CIPSO_V4_TAG_LOC_BLEN (2 + sizeof(struct lsmblob)) /* * Helper Functions @@ -1469,7 +1471,11 @@ static int cipso_v4_gentag_loc(const struct cipso_v4_doi *doi_def, buffer[0] = CIPSO_V4_TAG_LOCAL; buffer[1] = CIPSO_V4_TAG_LOC_BLEN; - *(u32 *)&buffer[2] = secattr->attr.secid; + /* Ensure that there is sufficient space in the CIPSO header + * for the LSM data. */ + BUILD_BUG_ON(CIPSO_V4_TAG_LOC_BLEN > CIPSO_V4_OPT_LEN_MAX); + memcpy(&buffer[2], &secattr->attr.lsmblob, + sizeof(secattr->attr.lsmblob)); return CIPSO_V4_TAG_LOC_BLEN; } @@ -1489,7 +1495,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def, const unsigned char *tag, struct netlbl_lsm_secattr *secattr) { - secattr->attr.secid = *(u32 *)&tag[2]; + memcpy(&secattr->attr.lsmblob, &tag[2], sizeof(secattr->attr.lsmblob)); secattr->flags |= NETLBL_SECATTR_SECID; return 0; diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 5e1239cef000..bbfaff539416 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c 
@@ -196,7 +196,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain, * @addr: IP address in network byte order (struct in[6]_addr) * @mask: address mask in network byte order (struct in[6]_addr) * @family: address family - * @secid: LSM secid value for the entry + * @lsmblob: LSM data value for the entry * @audit_info: NetLabel audit information * * Description: @@ -210,7 +210,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { u32 addr_len; @@ -230,7 +230,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, return netlbl_unlhsh_add(net, dev_name, addr, mask, addr_len, - secid, audit_info); + lsmblob, audit_info); } /** diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index c423c7cdd095..ab6375d952ea 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -66,7 +66,7 @@ struct netlbl_unlhsh_tbl { #define netlbl_unlhsh_addr4_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr4, list) struct netlbl_unlhsh_addr4 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af4list list; struct rcu_head rcu; @@ -74,7 +74,7 @@ struct netlbl_unlhsh_addr4 { #define netlbl_unlhsh_addr6_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr6, list) struct netlbl_unlhsh_addr6 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af6list list; struct rcu_head rcu; @@ -220,7 +220,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) * @iface: the associated interface entry * @addr: IPv4 address in network byte order * @mask: IPv4 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the 
@@ -231,7 +231,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, const struct in_addr *addr, const struct in_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr4 *entry; @@ -243,7 +243,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, entry->list.addr = addr->s_addr & mask->s_addr; entry->list.mask = mask->s_addr; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af4list_add(&entry->list, &iface->addr4_list); @@ -260,7 +260,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, * @iface: the associated interface entry * @addr: IPv6 address in network byte order * @mask: IPv6 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the @@ -271,7 +271,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, const struct in6_addr *addr, const struct in6_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr6 *entry; @@ -287,7 +287,7 @@ static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, entry->list.addr.s6_addr32[3] &= mask->s6_addr32[3]; entry->list.mask = *mask; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af6list_add(&entry->list, &iface->addr6_list); @@ -366,7 +366,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { int ret_val; 
@@ -375,7 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -408,7 +407,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in_addr *addr4 = addr; const struct in_addr *mask4 = mask; - ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, secid); + ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, lsmblob); if (audit_buf != NULL) netlbl_af4list_audit_addr(audit_buf, 1, dev_name, @@ -421,7 +420,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in6_addr *addr6 = addr; const struct in6_addr *mask6 = mask; - ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, secid); + ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, lsmblob); if (audit_buf != NULL) netlbl_af6list_audit_addr(audit_buf, 1, dev_name, @@ -438,11 +437,7 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - /* lsmblob_init() puts secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -477,7 +472,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, 
@@ -497,13 +491,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, addr->s_addr, mask->s_addr); if (dev != NULL) dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -544,7 +533,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); @@ -563,13 +551,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, addr, mask); if (dev != NULL) dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); 
@@ -923,14 +906,8 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * - * instead of a u32 later in this patch set. security_secctx_to_secid() - * will only be setting one entry in the lsmblob struct, so it is - * safe to use lsmblob_value() to get that one value. */ - - return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, dev_name, addr, mask, addr_len, + &blob, &audit_info); } /** @@ -977,11 +954,8 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* security_secctx_to_secid() will only put one secid into the lsmblob - * so it's safe to use lsmblob_value() to get the secid. */ - return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, NULL, addr, mask, addr_len, &blob, + &audit_info); } /** @@ -1093,8 +1067,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct net_device *dev; struct lsmcontext context; void *data; - u32 secid; - struct lsmblob blob; + struct lsmblob *lsmb; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, @@ -1132,7 +1105,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr4->secid; + lsmb = (struct lsmblob *)&addr4->lsmblob; } else { ret_val = nla_put_in6_addr(cb_arg->skb, NLBL_UNLABEL_A_IPV6ADDR, 
@@ -1146,14 +1119,10 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr6->secid; + lsmb = (struct lsmblob *)&addr6->lsmblob; } - /* lsmblob_init() secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &context); + ret_val = security_secid_to_secctx(lsmb, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, @@ -1512,7 +1481,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr4_list); if (addr4 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr4_entry(addr4)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr4_entry(addr4)->lsmblob; break; } #if IS_ENABLED(CONFIG_IPV6) @@ -1525,7 +1494,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr6_list); if (addr6 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr6_entry(addr6)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr6_entry(addr6)->lsmblob; break; } #endif /* IPv6 */ diff --git a/net/netlabel/netlabel_unlabeled.h b/net/netlabel/netlabel_unlabeled.h index 058e3a285d56..168920780994 100644 --- a/net/netlabel/netlabel_unlabeled.h +++ b/net/netlabel/netlabel_unlabeled.h @@ -211,7 +211,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_unlhsh_remove(struct net *net, const char *dev_name, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a37afbb159ab..c670eb0a9515 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -6944,7 +6944,7 @@ static int selinux_perf_event_write(struct perf_event *event) } #endif -static struct lsm_id selinux_lsmid __lsm_ro_after_init = { +struct lsm_id selinux_lsmid __lsm_ro_after_init = { .lsm = "selinux", .slot = LSMBLOB_NEEDED }; diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 3cc8bab31ea8..6a40b47307ca 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -73,6 +73,7 @@ struct netlbl_lsm_secattr; extern int selinux_enabled_boot; +extern struct lsm_id selinux_lsmid; /* * type_datum properties diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 6a94b31b5472..d8d7603ab14e 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -108,7 +108,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( return NULL; if ((secattr->flags & NETLBL_SECATTR_SECID) && - (secattr->attr.secid == sid)) + (secattr->attr.lsmblob.secid[selinux_lsmid.slot] == sid)) return secattr; return NULL; diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 9704c8a32303..cdaff603153f 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3789,7 +3789,7 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state, if (secattr->flags & NETLBL_SECATTR_CACHE) *sid = *(u32 *)secattr->cache->data; else if (secattr->flags & NETLBL_SECATTR_SECID) - *sid = secattr->attr.secid; + *sid = secattr->attr.lsmblob.secid[selinux_lsmid.slot]; else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) { rc = -EIDRM; ctx = sidtab_search(sidtab, SECINITSID_NETMSG); 
@@ -3865,7 +3865,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state, if (secattr->domain == NULL) goto out; - secattr->attr.secid = sid; + secattr->attr.lsmblob.secid[selinux_lsmid.slot] = sid; secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID; mls_export_netlbl_lvl(policydb, ctx, secattr); rc = mls_export_netlbl_cat(policydb, ctx, secattr); diff --git a/security/smack/smack.h b/security/smack/smack.h index 0f8d0feb89a4..b06fc332a1f9 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -303,6 +303,7 @@ int smack_populate_secattr(struct smack_known *skp); * Shared data. */ extern int smack_enabled; +extern struct lsm_id smack_lsmid; extern int smack_cipso_direct; extern int smack_cipso_mapped; extern struct smack_known *smack_net_ambient; diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index efe2406a3960..9acb83ce12a8 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -522,7 +522,7 @@ int smack_populate_secattr(struct smack_known *skp) { int slen; - skp->smk_netlabel.attr.secid = skp->smk_secid; + skp->smk_netlabel.attr.lsmblob.secid[smack_lsmid.slot] = skp->smk_secid; skp->smk_netlabel.domain = skp->smk_known; skp->smk_netlabel.cache = netlbl_secattr_cache_alloc(GFP_ATOMIC); if (skp->smk_netlabel.cache != NULL) { diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3f96a7aaed6b..06629441b663 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -3721,11 +3721,12 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) return (struct smack_known *)sap->cache->data; + /* + * Looks like a fallback, which gives us a secid. + */ if ((sap->flags & NETLBL_SECATTR_SECID) != 0) - /* - * Looks like a fallback, which gives us a secid. - */ - return smack_from_secid(sap->attr.secid); + return smack_from_secid( + sap->attr.lsmblob.secid[smack_lsmid.slot]); if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { /* @@ -4700,7 +4701,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_sock = sizeof(struct socket_smack), }; -static struct lsm_id smack_lsmid __lsm_ro_after_init = { +struct lsm_id smack_lsmid __lsm_ro_after_init = { .lsm = "smack", .slot = LSMBLOB_NEEDED }; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index e567b4baf3a0..139768a13d11 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -1140,6 +1140,7 @@ static void smk_net4addr_insert(struct smk_net4addr *new) static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { + struct lsmblob lsmblob; struct smk_net4addr *snp; struct sockaddr_in newname; char *smack; 
@@ -1271,10 +1272,13 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, * this host so that incoming packets get labeled. * but only if we didn't get the special CIPSO option */ - if (rc == 0 && skp != NULL) + if (rc == 0 && skp != NULL) { + lsmblob_init(&lsmblob, 0); + lsmblob.secid[smack_lsmid.slot] = snp->smk_label->smk_secid; rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, - &snp->smk_host, &snp->smk_mask, PF_INET, - snp->smk_label->smk_secid, &audit_info); + &snp->smk_host, &snp->smk_mask, PF_INET, &lsmblob, + &audit_info); + } if (rc == 0) rc = count;
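Review bot: in the cipso_v4_gentag_loc hunk, the new BUILD_BUG_ON compares CIPSO_V4_TAG_LOC_BLEN against CIPSO_V4_OPT_LEN_MAX, which bounds the whole option, while the tag written into buffer[] sits after the option's own header bytes; unless those header bytes are already subtracted from the limit the check admits a blob a few bytes larger than actually fits, so comparing against the space left after the option header would be tighter. Since the tag length now varies with which LSMs are built in, the header comment should also say outright that the local tag is only valid between endpoints running the same kernel build.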
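Review bot: in the cipso_v4_parsetag_loc hunk, `memcpy(&secattr->attr.lsmblob, &tag[2], sizeof(secattr->attr.lsmblob));` copies a configuration-dependent number of bytes out of the tag with no length check in this function, where the old code read a fixed u32; please confirm that the tag-length validation on the receive path compares against the new CIPSO_V4_TAG_LOC_BLEN rather than a literal 6, otherwise a shorter local tag would be read past its end.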
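Review bot: in the netlbl_unlabel_staticlist_gen hunks, the casts in `lsmb = (struct lsmblob *)&addr4->lsmblob;` and the matching addr6 line either do nothing or silently discard a const qualifier on addr4/addr6; if those entries are const there, the cleaner fix is to declare lsmb as `const struct lsmblob *` and have security_secid_to_secctx() accept a const pointer, rather than casting const away.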
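Review bot: in the smk_write_net4addr hunk, `lsmblob_init(&lsmblob, 0);` before the slot write leaves every other slot at 0, whereas the SELinux side of this series (security_netlbl_sid_to_secattr) writes only `secattr->attr.lsmblob.secid[selinux_lsmid.slot]` into an attr.lsmblob that this patch does not visibly initialise; please confirm the secattr is zeroed before that write, or initialise the blob the same way in both paths, so the slots belonging to other modules never carry stale data.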
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v23 18/23] LSM: Verify LSM display sanity in binder
Date: Fri, 20 Nov 2020 12:15:02 -0800
Message-Id: <20201120201507.11993-19-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Verify that the tasks on the ends of a binder transaction use the same
"display" security module. This prevents confusion of security
"contexts".

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
---
 security/security.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/security/security.c b/security/security.c
index 31c983a252b9..8803347424d4 100644
--- a/security/security.c
+++ b/security/security.c
@@ -791,9 +791,38 @@ int security_binder_set_context_mgr(struct task_struct *mgr) return call_int_hook(binder_set_context_mgr, 0, mgr); } +/** + * security_binder_transaction - Binder driver transaction check + * @from: source of the transaction + * @to: destination of the transaction + * + * Verify that the tasks have the same LSM "display", then + * call the security module hooks. + * + * Returns -EINVAL if the displays don't match, or the + * result of the security module checks. + */ int security_binder_transaction(struct task_struct *from, struct task_struct *to) { + int from_ilsm = lsm_task_ilsm(from); + int to_ilsm = lsm_task_ilsm(to); + + /* + * If the ilsm is LSMBLOB_INVALID the first module that has + * an entry is used. This will be in the 0 slot. + * + * This is currently only required if the server has requested + * peer contexts, but it would be unwieldly to have too much of + * the binder driver detail here. + */ + if (from_ilsm == LSMBLOB_INVALID) + from_ilsm = 0; + if (to_ilsm == LSMBLOB_INVALID) + to_ilsm = 0; + if (from_ilsm != to_ilsm) + return -EINVAL; + return call_int_hook(binder_transaction, 0, from, to); }
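Review bot: the comment in the security_binder_transaction hunk has a typo, "unwieldly" should be "unwieldy". The fallback `if (from_ilsm == LSMBLOB_INVALID) from_ilsm = 0;` hard-codes the assumption that slot 0 always holds a module; a named constant or a pointer to where that invariant is established would make the check easier to trust. Also, returning -EINVAL before any LSM hook runs means a display mismatch is refused with no audit record and no hook involvement, which is worth stating in the commit message so that the silent failure mode is documented.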
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Richard Guy Briggs
Subject: [PATCH v23 19/23] audit: add support for non-syscall auxiliary records
Date: Fri, 20 Nov 2020 12:15:03 -0800
Message-Id: <20201120201507.11993-20-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Standalone audit records have the timestamp and serial number generated
on the fly and as such are unique, making them standalone. This new
function audit_alloc_local() generates a local audit context that will
be used only for a standalone record and its auxiliary record(s). The
context is discarded immediately after the local associated records are
produced.

Signed-off-by: Richard Guy Briggs
Signed-off-by: Casey Schaufler
Cc: linux-audit@redhat.com
To: Richard Guy Briggs
Reported-by: kernel test robot
Reported-by: kernel test robot
---
 include/linux/audit.h | 8 ++++++++
 kernel/audit.h | 1 +
 kernel/auditsc.c | 33 ++++++++++++++++++++++++++++-----
 3 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/include/linux/audit.h b/include/linux/audit.h
index ba1cd38d601b..786d065a64ef 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -289,6 +289,8 @@ static inline int audit_signal_info(int sig, struct task_struct *t) /* Public API */ extern int audit_alloc(struct task_struct *task); extern void __audit_free(struct task_struct *task); +extern struct audit_context *audit_alloc_local(gfp_t gfpflags); +extern void audit_free_context(struct audit_context *context); extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3); extern void __audit_syscall_exit(int ret_success, long ret_value); @@ -558,6 +560,12 @@ static inline void audit_log_nfcfg(const char *name, u8 af, extern int audit_n_rules; extern int audit_signals; #else /* CONFIG_AUDITSYSCALL */ ++static inline struct audit_context *audit_alloc_local(gfp_t gfpflags) +{ + return NULL; +} +static inline void audit_free_context(struct audit_context *context) +{ } static inline int audit_alloc(struct task_struct *task) { return 0; diff --git a/kernel/audit.h b/kernel/audit.h index ce41886807bb..3f2285e1c6e0 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -99,6 +99,7 @@ struct audit_proctitle { struct audit_context { int dummy; /* must be the first element */ int in_syscall; /* 1 if task is in a syscall */ + bool local; /* local context needed */ enum audit_state state, current_state; unsigned int serial; /* serial number for record */ int major; /* syscall number */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4af5861bcb9a..5bfee5d0812d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -929,11 +929,13 @@ static inline void audit_free_aux(struct audit_context *context) } } -static inline struct audit_context *audit_alloc_context(enum audit_state state) +static inline struct audit_context *audit_alloc_context(enum audit_state state, + gfp_t gfpflags) { struct audit_context *context; - context = kzalloc(sizeof(*context), GFP_KERNEL); + /* We can be called in atomic context via audit_tg() */ + context = kzalloc(sizeof(*context), gfpflags); if (!context) return NULL; context->state = state; @@ -967,7 +969,8 @@ int audit_alloc(struct task_struct *tsk) return 0; } - if (!(context = audit_alloc_context(state))) { + context = audit_alloc_context(state, GFP_KERNEL); + if (!context) { kfree(key); audit_log_lost("out of memory in audit_alloc"); return -ENOMEM; @@ -979,8 +982,27 @@ int audit_alloc(struct task_struct *tsk) return 0; } -static inline void audit_free_context(struct audit_context *context) +struct audit_context *audit_alloc_local(gfp_t gfpflags) { + struct audit_context *context = NULL; + + context = audit_alloc_context(AUDIT_RECORD_CONTEXT, gfpflags); + if (!context) { + audit_log_lost("out of memory in audit_alloc_local"); + goto out; + } + context->serial = audit_serial(); + ktime_get_coarse_real_ts64(&context->ctime); + context->local = true; +out: + return context; +} +EXPORT_SYMBOL(audit_alloc_local); + +void audit_free_context(struct audit_context *context) +{ + if (!context) + return; audit_free_module(context); audit_free_names(context); unroll_tree_refs(context, NULL, 0); @@ -991,6 +1013,7 @@ static inline void audit_free_context(struct audit_context *context) audit_proctitle_free(context); kfree(context); } +EXPORT_SYMBOL(audit_free_context); static int audit_log_pid_context(struct audit_context *context, pid_t pid, kuid_t auid, kuid_t uid, 
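Review bot: In the `#else /* CONFIG_AUDITSYSCALL */` hunk of include/linux/audit.h the new stub appears as `++static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)`; if that second `+` is really part of the added line rather than a mail artifact, the line reads `+static inline ...` and every translation unit including the header fails to compile whenever CONFIG_AUDITSYSCALL is off. Please check the source tree and drop the stray character.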
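Review bot: The comment on the new `bool local; /* local context needed */` member in kernel/audit.h does not say what the flag records. Since audit_alloc_local() sets it and auditsc_get_stamp() tests it, something like `/* allocated by audit_alloc_local(), freed after the event */` would tell later readers that the context is not owned by a task and must be released once the standalone record and its auxiliaries are out.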
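Review bot: The new comment `/* We can be called in atomic context via audit_tg() */` in audit_alloc_context() names a caller this patch does not touch, and the only caller changed here, audit_alloc(), passes GFP_KERNEL. Either word it generically (`callers may be in atomic context, so honour gfpflags`) or move it to the patch that introduces the GFP_ATOMIC caller, so the justification lives beside the code that needs it.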
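Review bot: In audit_alloc_local() the `goto out` / `out:` label wraps nothing but `return context`, and the `= NULL` initialiser is overwritten on the very next line; `return NULL` in the failure branch and drop the label (patch 20/23 of this series makes exactly that change, so it belongs here). The exports should also follow the file's convention: the next hunk header shows `EXPORT_SYMBOL_GPL(__audit_inode_child)`, so `EXPORT_SYMBOL(audit_alloc_local)` and `EXPORT_SYMBOL(audit_free_context)` should be `EXPORT_SYMBOL_GPL`. Finally, the commit message should mention that audit_free_context() changes from `static inline` to an exported function that tolerates a NULL argument, since that is an API change visible outside auditsc.c.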
@@ -2228,7 +2251,7 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); int auditsc_get_stamp(struct audit_context *ctx, struct timespec64 *t, unsigned int *serial) { - if (!ctx->in_syscall) + if (!ctx->in_syscall && !ctx->local) return 0; if (!ctx->serial) ctx->serial = audit_serial();
From patchwork Fri Nov 20 20:15:04 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922453 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, rgb@redhat.com, netdev@vger.kernel.org Subject: [PATCH v23 20/23] Audit: Add new record for multiple process LSM attributes Date: Fri, 20 Nov 2020 12:15:04 -0800 Message-Id: <20201120201507.11993-21-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a new audit record type to contain the subject information when there are multiple security modules that require such data. This record is linked with the same timestamp and serial number using the audit_alloc_local() mechanism. The record is produced only in cases where there is more than one security module with a process "context". In cases where this record is produced the subj= fields of other records in the audit event will be set to "subj=?". An example of the MAC_TASK_CONTEXTS (1420) record is: type=UNKNOWN[1420] msg=audit(1600880931.832:113) subj_apparmor==unconfined subj_smack=_ There will be a subj_$LSM= entry for each security module LSM that supports the secid_to_secctx and secctx_to_secid hooks. The BPF security module implements secid/secctx translation hooks, so it has to be considered to provide a secctx even though it may not actually do so. 
Signed-off-by: Casey Schaufler To: paul@paul-moore.com Cc: linux-audit@redhat.com Cc: rgb@redhat.com Cc: netdev@vger.kernel.org Reported-by: kernel test robot Reported-by: kernel test robot --- drivers/android/binder.c | 2 +- include/linux/audit.h | 24 +++++++++ include/linux/security.h | 18 ++++++- include/net/netlabel.h | 3 +- include/net/scm.h | 2 +- include/net/xfrm.h | 13 ++++- include/uapi/linux/audit.h | 1 + kernel/audit.c | 61 +++++++++++++++------ kernel/audit.h | 2 + kernel/auditfilter.c | 6 ++- kernel/auditsc.c | 70 ++++++++++++++++++++---- net/ipv4/ip_sockglue.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 4 +- net/netfilter/nf_conntrack_standalone.c | 2 +- net/netfilter/nfnetlink_queue.c | 2 +- net/netlabel/netlabel_domainhash.c | 4 +- net/netlabel/netlabel_unlabeled.c | 24 ++++----- net/netlabel/netlabel_user.c | 16 +++--- net/netlabel/netlabel_user.h | 6 +-- net/xfrm/xfrm_policy.c | 10 ++-- net/xfrm/xfrm_state.c | 20 +++---- security/integrity/ima/ima_api.c | 7 +-- security/integrity/integrity_audit.c | 6 ++- security/security.c | 72 +++++++++++++++++++------ security/smack/smackfs.c | 3 +- 25 files changed, 280 insertions(+), 100 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index a75ffcd0270a..a4f0cd140612 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3090,7 +3090,7 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_task_getsecid(proc->tsk, &blob); - ret = security_secid_to_secctx(&blob, &lsmctx); + ret = security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_DISPLAY); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; diff --git a/include/linux/audit.h b/include/linux/audit.h index 786d065a64ef..ad1eda37166f 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h 
@@ -164,6 +164,8 @@ extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp extern __printf(2, 3) void audit_log_format(struct audit_buffer *ab, const char *fmt, ...); extern void audit_log_end(struct audit_buffer *ab); +extern void audit_log_end_local(struct audit_buffer *ab, + struct audit_context *context); extern bool audit_string_contains_control(const char *string, size_t len); extern void audit_log_n_hex(struct audit_buffer *ab, @@ -188,6 +190,7 @@ extern void audit_log_lost(const char *message); extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab); +extern void audit_log_lsm(struct audit_context *context); extern int audit_update_lsm_rules(void); @@ -226,6 +229,9 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) { } static inline void audit_log_end(struct audit_buffer *ab) { } +static inline void audit_log_end_local(struct audit_buffer *ab, + struct audit_context *context) +{ } static inline void audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len) { } @@ -252,6 +258,8 @@ static inline int audit_log_task_context(struct audit_buffer *ab) } static inline void audit_log_task_info(struct audit_buffer *ab) { } +static void audit_log_lsm(struct audit_context *context) +{ } static inline kuid_t audit_get_loginuid(struct task_struct *tsk) { @@ -291,6 +299,7 @@ extern int audit_alloc(struct task_struct *task); extern void __audit_free(struct task_struct *task); extern struct audit_context *audit_alloc_local(gfp_t gfpflags); extern void audit_free_context(struct audit_context *context); +extern void audit_free_local(struct audit_context *context); extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3); extern void __audit_syscall_exit(int ret_success, long ret_value); 
@@ -392,6 +401,19 @@ static inline void audit_ptrace(struct task_struct *t) __audit_ptrace(t); } +static inline struct audit_context *audit_alloc_for_lsm(gfp_t gfp) +{ + struct audit_context *context = audit_context(); + + if (context) + return context; + + if (lsm_multiple_contexts()) + return audit_alloc_local(gfp); + + return NULL; +} + /* Private API (for audit.c only) */ extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); @@ -566,6 +588,8 @@ extern int audit_signals; } static inline void audit_free_context(struct audit_context *context) { } +static inline void audit_free_local(struct audit_context *context) +{ } static inline int audit_alloc(struct task_struct *task) { return 0; diff --git a/include/linux/security.h b/include/linux/security.h index 20486380c176..3335991e99cb 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -181,6 +181,8 @@ struct lsmblob { #define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ #define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ #define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ +#define LSMBLOB_DISPLAY -4 /* Use the "display" slot */ +#define LSMBLOB_FIRST -5 /* Use the default "display" slot */ /** * lsmblob_init - initialize an lsmblob structure. @@ -243,6 +245,17 @@ static inline u32 lsmblob_value(const struct lsmblob *blob) return 0; } +const char *security_lsm_slot_name(int slot); + +static inline bool lsm_multiple_contexts(void) +{ +#ifdef CONFIG_SECURITY + return security_lsm_slot_name(1) != NULL; +#else + return false; +#endif +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); 
@@ -559,7 +572,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int display); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1385,7 +1399,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - struct lsmcontext *cp) + struct lsmcontext *cp, int display) { return -EOPNOTSUPP; } diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 73fc25b4042b..9bc1f969a25d 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -97,7 +97,8 @@ struct calipso_doi; /* NetLabel audit information */ struct netlbl_audit { - u32 secid; + struct audit_context *localcontext; + struct lsmblob lsmdata; kuid_t loginuid; unsigned int sessionid; }; diff --git a/include/net/scm.h b/include/net/scm.h index b77a52f93389..f4d567d4885e 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -101,7 +101,7 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, diff --git a/include/net/xfrm.h b/include/net/xfrm.h index b2a06f10b62c..bfe3ba2a5233 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h 
@@ -669,13 +669,22 @@ struct xfrm_spi_skb_cb { #define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0])) #ifdef CONFIG_AUDITSYSCALL -static inline struct audit_buffer *xfrm_audit_start(const char *op) +static inline struct audit_buffer *xfrm_audit_start(const char *op, + struct audit_context **lac) { + struct audit_context *context; struct audit_buffer *audit_buf = NULL; if (audit_enabled == AUDIT_OFF) return NULL; - audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, + context = audit_context(); + if (lac != NULL) { + if (lsm_multiple_contexts() && context == NULL) + context = audit_alloc_local(GFP_ATOMIC); + *lac = context; + } + + audit_buf = audit_log_start(context, GFP_ATOMIC, AUDIT_MAC_IPSEC_EVENT); if (audit_buf == NULL) return NULL; diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index cd2d8279a5e4..2a63720e56f6 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -139,6 +139,7 @@ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ +#define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 4e219d1c1781..554279cb1e20 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -386,10 +386,12 @@ void audit_log_lost(const char *message) static int audit_log_config_change(char *function_name, u32 new, u32 old, int allow_changes) { + struct audit_context *context; struct audit_buffer *ab; int rc = 0; - ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_CONFIG_CHANGE); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_CONFIG_CHANGE); if (unlikely(!ab)) return rc; audit_log_format(ab, "op=set %s=%u old=%u ", function_name, new, old); 
@@ -398,7 +400,7 @@ static int audit_log_config_change(char *function_name, u32 new, u32 old, if (rc) allow_changes = 0; /* Something weird, deny request */ audit_log_format(ab, " res=%d", allow_changes); - audit_log_end(ab); + audit_log_end_local(ab, context); return rc; } @@ -1072,12 +1074,6 @@ static void audit_log_common_recv_msg(struct audit_context *context, audit_log_task_context(*ab); } -static inline void audit_log_user_recv_msg(struct audit_buffer **ab, - u16 msg_type) -{ - audit_log_common_recv_msg(NULL, ab, msg_type); -} - int is_audit_feature_set(int i) { return af.features & AUDIT_FEATURE_TO_MASK(i); @@ -1349,6 +1345,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) err = audit_filter(msg_type, AUDIT_FILTER_USER); if (err == 1) { /* match or error */ + struct audit_context *lcontext; char *str = data; err = 0; @@ -1357,7 +1354,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (err) break; } - audit_log_user_recv_msg(&ab, msg_type); + lcontext = audit_alloc_for_lsm(GFP_KERNEL); + audit_log_common_recv_msg(lcontext, &ab, msg_type); if (msg_type != AUDIT_USER_TTY) { /* ensure NULL termination */ str[data_len - 1] = '\0'; @@ -1370,7 +1368,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) data_len--; audit_log_n_untrustedstring(ab, str, data_len); } - audit_log_end(ab); + audit_log_end_local(ab, lcontext); } break; case AUDIT_ADD_RULE: @@ -1443,7 +1441,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (lsmblob_is_set(&audit_sig_lsm)) { err = security_secid_to_secctx(&audit_sig_lsm, - &context); + &context, LSMBLOB_FIRST); if (err) return err; } 
@@ -1550,6 +1548,7 @@ static void audit_receive(struct sk_buff *skb) /* Log information about who is connecting to the audit multicast socket */ static void audit_log_multicast(int group, const char *op, int err) { + struct audit_context *context; const struct cred *cred; struct tty_struct *tty; char comm[sizeof(current->comm)]; @@ -1558,7 +1557,8 @@ static void audit_log_multicast(int group, const char *op, int err) if (!audit_enabled) return; - ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_EVENT_LISTENER); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_EVENT_LISTENER); if (!ab) return; @@ -1576,7 +1576,7 @@ static void audit_log_multicast(int group, const char *op, int err) audit_log_untrustedstring(ab, get_task_comm(comm, current)); audit_log_d_path_exe(ab, current->mm); /* exe= */ audit_log_format(ab, " nl-mcgrp=%d op=%s res=%d", group, op, !err); - audit_log_end(ab); + audit_log_end_local(ab, context); } /* Run custom bind function on netlink socket group connect or bind requests. */ @@ -2135,7 +2135,19 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context); + /* + * If there is more than one security module that has a + * subject "context" it's necessary to put the subject data + * into a separate record to maintain compatibility. + */ + if (lsm_multiple_contexts()) { + if (ab->ctx) + ab->ctx->lsm = blob; + audit_log_format(ab, " subj=?"); + return 0; + } + + error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); if (error) { if (error != -EINVAL) goto error_path; @@ -2271,6 +2283,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, unsigned int oldsessionid, unsigned int sessionid, int rc) { + struct audit_context *context; struct audit_buffer *ab; uid_t uid, oldloginuid, loginuid; struct tty_struct *tty; 
@@ -2278,7 +2291,8 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, if (!audit_enabled) return; - ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_LOGIN); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_LOGIN); if (!ab) return; @@ -2293,7 +2307,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, oldloginuid, loginuid, tty ? tty_name(tty) : "(none)", oldsessionid, sessionid, !rc); audit_put_tty(tty); - audit_log_end(ab); + audit_log_end_local(ab, context); } /** @@ -2393,6 +2407,21 @@ void audit_log_end(struct audit_buffer *ab) audit_buffer_free(ab); } +/** + * audit_log_end_local - end one audit record with local context + * @ab: the audit_buffer + * @context: the local context + * + * End an audit event in the usual way, then emit an LSM context + * record if approprite. + */ +void audit_log_end_local(struct audit_buffer *ab, struct audit_context *context) +{ + audit_log_end(ab); + audit_log_lsm(context); + audit_free_local(context); +} + /** * audit_log - Log an audit record * @ctx: audit context diff --git a/kernel/audit.h b/kernel/audit.h index 3f2285e1c6e0..624828a9a7e4 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -131,6 +131,7 @@ struct audit_context { kgid_t gid, egid, sgid, fsgid; unsigned long personality; int arch; + struct lsmblob lsm; pid_t target_pid; kuid_t target_auid; @@ -201,6 +202,7 @@ struct audit_context { extern bool audit_ever_enabled; extern void audit_log_session_info(struct audit_buffer *ab); +extern void audit_log_lsm(struct audit_context *context); extern int auditd_test_task(struct task_struct *task); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 9e73a7961665..2b0a6fda767d 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c 
@@ -1098,12 +1098,14 @@ static void audit_list_rules(int seq, struct sk_buff_head *q) /* Log rule additions and removals */ static void audit_log_rule_change(char *action, struct audit_krule *rule, int res) { + struct audit_context *context; struct audit_buffer *ab; if (!audit_enabled) return; - ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_CONFIG_CHANGE); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_CONFIG_CHANGE); if (!ab) return; audit_log_session_info(ab); @@ -1111,7 +1113,7 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re audit_log_format(ab, " op=%s", action); audit_log_key(ab, rule->filterkey); audit_log_format(ab, " list=%d res=%d", rule->listnr, res); - audit_log_end(ab); + audit_log_end_local(ab, context); } /** diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 5bfee5d0812d..44b150432147 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -989,12 +989,11 @@ struct audit_context *audit_alloc_local(gfp_t gfpflags) context = audit_alloc_context(AUDIT_RECORD_CONTEXT, gfpflags); if (!context) { audit_log_lost("out of memory in audit_alloc_local"); - goto out; + return NULL; } context->serial = audit_serial(); ktime_get_coarse_real_ts64(&context->ctime); context->local = true; -out: return context; } EXPORT_SYMBOL(audit_alloc_local); @@ -1015,6 +1014,13 @@ void audit_free_context(struct audit_context *context) } EXPORT_SYMBOL(audit_free_context); +void audit_free_local(struct audit_context *context) +{ + if (context && context->local) + audit_free_context(context); +} +EXPORT_SYMBOL(audit_free_local); + static int audit_log_pid_context(struct audit_context *context, pid_t pid, kuid_t auid, kuid_t uid, unsigned int sessionid, 
@@ -1032,7 +1038,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx)) { + if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1277,7 +1283,8 @@ static void show_special(struct audit_context *context, int *call_panic) struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt)) { + if (security_secid_to_secctx(&blob, &lsmcxt, + LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { @@ -1429,7 +1436,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx)) { + if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; 
@@ -1506,6 +1513,45 @@ static void audit_log_proctitle(void) audit_log_end(ab); } +void audit_log_lsm(struct audit_context *context) +{ + struct audit_buffer *ab; + struct lsmcontext lsmdata; + bool sep = false; + int error; + int i; + + if (!lsm_multiple_contexts()) + return; + + if (context == NULL) + return; + + if (!lsmblob_is_set(&context->lsm)) + return; + + ab = audit_log_start(context, GFP_ATOMIC, AUDIT_MAC_TASK_CONTEXTS); + if (!ab) + return; /* audit_panic or being filtered */ + + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (context->lsm.secid[i] == 0) + continue; + error = security_secid_to_secctx(&context->lsm, &lsmdata, i); + if (error && error != -EINVAL) { + audit_panic("error in audit_log_lsm"); + return; + } + + audit_log_format(ab, "%ssubj_%s=%s", sep ? " " : "", + security_lsm_slot_name(i), lsmdata.context); + sep = true; + + security_release_secctx(&lsmdata); + } + audit_log_end(ab); +} + static void audit_log_exit(void) { int i, call_panic = 0; @@ -1630,6 +1676,8 @@ static void audit_log_exit(void) audit_log_proctitle(); + audit_log_lsm(context); + /* Send end of event record to help user space know we are finished */ ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); if (ab) @@ -2635,10 +2683,12 @@ void __audit_ntp_log(const struct audit_ntp_data *ad) void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, enum audit_nfcfgop op, gfp_t gfp) { + struct audit_context *context; struct audit_buffer *ab; char comm[sizeof(current->comm)]; - ab = audit_log_start(audit_context(), gfp, AUDIT_NETFILTER_CFG); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, gfp, AUDIT_NETFILTER_CFG); if (!ab) return; audit_log_format(ab, "table=%s family=%u entries=%u op=%s", 
@@ -2648,7 +2698,7 @@ void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, audit_log_task_context(ab); /* subj= */ audit_log_format(ab, " comm="); audit_log_untrustedstring(ab, get_task_comm(comm, current)); - audit_log_end(ab); + audit_log_end_local(ab, context); } EXPORT_SYMBOL_GPL(__audit_log_nfcfg); @@ -2683,6 +2733,7 @@ static void audit_log_task(struct audit_buffer *ab) */ void audit_core_dumps(long signr) { + struct audit_context *context; struct audit_buffer *ab; if (!audit_enabled) @@ -2691,12 +2742,13 @@ void audit_core_dumps(long signr) if (signr == SIGQUIT) /* don't care for those */ return; - ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_ANOM_ABEND); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_ANOM_ABEND); if (unlikely(!ab)) return; audit_log_task(ab); audit_log_format(ab, " sig=%ld res=1", signr); - audit_log_end(ab); + audit_log_end_local(ab, context); } /** diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index ae073b642fa7..5c0029a3a595 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -140,7 +140,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index e6fdcd87ab3e..b63ecc7185fc 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -339,7 +339,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return 0; 
@@ -655,7 +655,7 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) struct lsmblob blob; struct lsmcontext context; - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index c6112960fc73..2cb3a8df7932 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -177,7 +177,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 0d8b83d84422..f2dffeed4789 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -316,7 +316,7 @@ static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, context); + security_secid_to_secctx(&blob, context, LSMBLOB_DISPLAY); } read_unlock_bh(&skb->sk->sk_callback_lock); diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c index dc8c39f51f7d..2690a528d262 100644 --- a/net/netlabel/netlabel_domainhash.c +++ b/net/netlabel/netlabel_domainhash.c @@ -259,7 +259,7 @@ static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry, break; } audit_log_format(audit_buf, " res=%u", result == 0 ? 1 : 0); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } } 
@@ -614,7 +614,7 @@ int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry, audit_log_format(audit_buf, " nlbl_domain=%s res=1", entry->domain ? entry->domain : "(default)"); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } switch (entry->def.type) { diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index ab6375d952ea..028670b72521 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -437,13 +437,14 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(lsmblob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } return ret_val; } @@ -492,13 +493,14 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, if (dev != NULL) dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } if (entry == NULL) 
@@ -552,13 +554,14 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, if (dev != NULL) dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } if (entry == NULL) @@ -741,7 +744,7 @@ static void netlbl_unlabel_acceptflg_set(u8 value, if (audit_buf != NULL) { audit_log_format(audit_buf, " unlbl_accept=%u old=%u", value, old_val); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } } @@ -1122,7 +1125,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, lsmb = (struct lsmblob *)&addr6->lsmblob; } - ret_val = security_secid_to_secctx(lsmb, &context); + ret_val = security_secid_to_secctx(lsmb, &context, LSMBLOB_FIRST); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, @@ -1528,14 +1531,11 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; - struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &blob); - /* scaffolding until audit_info.secid is converted */ - audit_info.secid = blob.secid[0]; + security_task_getsecid(current, &audit_info.lsmdata); audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 951ba0639d20..4fb4c37cc4a7 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c 
@@ -83,14 +83,17 @@ int __init netlbl_netlink_init(void) struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { + struct audit_context *audit_ctx; struct audit_buffer *audit_buf; struct lsmcontext context; - struct lsmblob blob; if (audit_enabled == AUDIT_OFF) return NULL; - audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, type); + audit_ctx = audit_alloc_for_lsm(GFP_ATOMIC); + audit_info->localcontext = audit_ctx; + + audit_buf = audit_log_start(audit_ctx, GFP_ATOMIC, type); if (audit_buf == NULL) return NULL; @@ -98,12 +101,13 @@ struct audit_buffer *netlbl_audit_start_common(int type, from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); - lsmblob_init(&blob, audit_info->secid); - if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &context) == 0) { + if (!lsm_multiple_contexts() && lsmblob_is_set(&audit_info->lsmdata) && + security_secid_to_secctx(&audit_info->lsmdata, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); - } + } else + audit_log_format(audit_buf, " subj=?"); return audit_buf; } diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 438b5db6c714..bd4335443b87 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -34,11 +34,7 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - struct lsmblob blob; - - security_task_getsecid(current, &blob); - /* scaffolding until secid is converted */ - audit_info->secid = blob.secid[0]; + security_task_getsecid(current, &audit_info->lsmdata); audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index d622c2548d22..6aa4bcc08848 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c 
@@ -4205,30 +4205,32 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp, void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, bool task_valid) { + struct audit_context *context; struct audit_buffer *audit_buf; - audit_buf = xfrm_audit_start("SPD-add"); + audit_buf = xfrm_audit_start("SPD-add", &context); if (audit_buf == NULL) return; xfrm_audit_helper_usrinfo(task_valid, audit_buf); audit_log_format(audit_buf, " res=%u", result); xfrm_audit_common_policyinfo(xp, audit_buf); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, context); } EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, bool task_valid) { + struct audit_context *context; struct audit_buffer *audit_buf; - audit_buf = xfrm_audit_start("SPD-delete"); + audit_buf = xfrm_audit_start("SPD-delete", &context); if (audit_buf == NULL) return; xfrm_audit_helper_usrinfo(task_valid, audit_buf); audit_log_format(audit_buf, " res=%u", result); xfrm_audit_common_policyinfo(xp, audit_buf); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, context); } EXPORT_SYMBOL_GPL(xfrm_audit_policy_delete); #endif diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index a77da7aae6fe..23bcf0bc9e40 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
@@ -2742,29 +2742,31 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family, void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid) { + struct audit_context *context; struct audit_buffer *audit_buf; - audit_buf = xfrm_audit_start("SAD-add"); + audit_buf = xfrm_audit_start("SAD-add", &context); if (audit_buf == NULL) return; xfrm_audit_helper_usrinfo(task_valid, audit_buf); xfrm_audit_helper_sainfo(x, audit_buf); audit_log_format(audit_buf, " res=%u", result); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, context); } EXPORT_SYMBOL_GPL(xfrm_audit_state_add); void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid) { + struct audit_context *context; struct audit_buffer *audit_buf; - audit_buf = xfrm_audit_start("SAD-delete"); + audit_buf = xfrm_audit_start("SAD-delete", &context); if (audit_buf == NULL) return; xfrm_audit_helper_usrinfo(task_valid, audit_buf); xfrm_audit_helper_sainfo(x, audit_buf); audit_log_format(audit_buf, " res=%u", result); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, context); } EXPORT_SYMBOL_GPL(xfrm_audit_state_delete); @@ -2774,7 +2776,7 @@ void xfrm_audit_state_replay_overflow(struct xfrm_state *x, struct audit_buffer *audit_buf; u32 spi; - audit_buf = xfrm_audit_start("SA-replay-overflow"); + audit_buf = xfrm_audit_start("SA-replay-overflow", NULL); if (audit_buf == NULL) return; xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); @@ -2792,7 +2794,7 @@ void xfrm_audit_state_replay(struct xfrm_state *x, struct audit_buffer *audit_buf; u32 spi; - audit_buf = xfrm_audit_start("SA-replayed-pkt"); + audit_buf = xfrm_audit_start("SA-replayed-pkt", NULL); if (audit_buf == NULL) return; xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); 
@@ -2807,7 +2809,7 @@ void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family) { struct audit_buffer *audit_buf; - audit_buf = xfrm_audit_start("SA-notfound"); + audit_buf = xfrm_audit_start("SA-notfound", NULL); if (audit_buf == NULL) return; xfrm_audit_helper_pktinfo(skb, family, audit_buf); @@ -2821,7 +2823,7 @@ void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, struct audit_buffer *audit_buf; u32 spi; - audit_buf = xfrm_audit_start("SA-notfound"); + audit_buf = xfrm_audit_start("SA-notfound", NULL); if (audit_buf == NULL) return; xfrm_audit_helper_pktinfo(skb, family, audit_buf); @@ -2839,7 +2841,7 @@ void xfrm_audit_state_icvfail(struct xfrm_state *x, __be32 net_spi; __be32 net_seq; - audit_buf = xfrm_audit_start("SA-icv-failure"); + audit_buf = xfrm_audit_start("SA-icv-failure", NULL); if (audit_buf == NULL) return; xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index e83fa1c32843..8b6f8402703d 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -340,6 +340,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint, void ima_audit_measurement(struct integrity_iint_cache *iint, const unsigned char *filename) { + struct audit_context *context; struct audit_buffer *ab; char *hash; const char *algo_name = hash_algo_name[iint->ima_hash->algo]; @@ -356,8 +357,8 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, hex_byte_pack(hash + (i * 2), iint->ima_hash->digest[i]); hash[i * 2] = '\0'; - ab = audit_log_start(audit_context(), GFP_KERNEL, - AUDIT_INTEGRITY_RULE); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_INTEGRITY_RULE); if (!ab) goto out; 
@@ -366,7 +367,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, audit_log_format(ab, " hash=\"%s:%s\"", algo_name, hash); audit_log_task_info(ab); - audit_log_end(ab); + audit_log_end_local(ab, context); iint->flags |= IMA_AUDITED; out: diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c index 29220056207f..b38163c43659 100644 --- a/security/integrity/integrity_audit.c +++ b/security/integrity/integrity_audit.c @@ -38,13 +38,15 @@ void integrity_audit_message(int audit_msgno, struct inode *inode, const char *cause, int result, int audit_info, int errno) { + struct audit_context *context; struct audit_buffer *ab; char name[TASK_COMM_LEN]; if (!integrity_audit_info && audit_info == 1) /* Skip info messages */ return; - ab = audit_log_start(audit_context(), GFP_KERNEL, audit_msgno); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, audit_msgno); audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u", task_pid_nr(current), from_kuid(&init_user_ns, current_uid()), @@ -63,5 +65,5 @@ void integrity_audit_message(int audit_msgno, struct inode *inode, audit_log_format(ab, " ino=%lu", inode->i_ino); } audit_log_format(ab, " res=%d errno=%d", !result, errno); - audit_log_end(ab); + audit_log_end_local(ab, context); } diff --git a/security/security.c b/security/security.c index 8803347424d4..cef9c20ce0aa 100644 --- a/security/security.c +++ b/security/security.c 
@@ -483,7 +483,31 @@ static int lsm_append(const char *new, char **result) * Pointers to the LSM id structures for local use. */ static int lsm_slot __lsm_ro_after_init; -static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES]; +static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init; + +/** + * security_lsm_slot_name - Get the name of the security module in a slot + * @slot: index into the interface LSM slot list. + * + * Provide the name of the security module associated with + * a interface LSM slot. + * + * If @slot is LSMBLOB_INVALID return the value + * for slot 0 if it has been set, otherwise NULL. + * + * Returns a pointer to the name string or NULL. + */ +const char *security_lsm_slot_name(int slot) +{ + if (slot == LSMBLOB_INVALID) + slot = 0; + else if (slot >= LSMBLOB_ENTRIES || slot < 0) + return NULL; + + if (lsm_slotlist[slot] == NULL) + return NULL; + return lsm_slotlist[slot]->lsm; +} /** * security_add_hooks - Add a modules hooks to the hook lists. @@ -2193,7 +2217,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { rc = hp->hook.setprocattr(name, value, size); - if (rc < 0) + if (rc < 0 && rc != -EINVAL) return rc; } 
@@ -2238,13 +2262,31 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int ilsm) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); memset(cp, 0, sizeof(*cp)); + /* + * ilsm either is the slot number use for formatting + * or an instruction on which relative slot to use. + */ + if (ilsm == LSMBLOB_DISPLAY) + ilsm = lsm_task_ilsm(current); + else if (ilsm == LSMBLOB_FIRST) + ilsm = LSMBLOB_INVALID; + else if (ilsm < 0) { + WARN_ONCE(true, + "LSM: %s unknown interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } else if (ilsm >= lsm_slot) { + WARN_ONCE(true, + "LSM: %s invalid interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } + hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; @@ -2274,7 +2316,7 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, return hp->hook.secctx_to_secid(secdata, seclen, &blob->secid[hp->lsmid->slot]); } - return 0; + return -EOPNOTSUPP; } EXPORT_SYMBOL(security_secctx_to_secid); 
@@ -2767,23 +2809,17 @@ int security_key_getsecurity(struct key *key, char **_buffer) int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) { struct security_hook_list *hp; - bool one_is_good = false; - int rc = 0; - int trc; + int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - trc = hp->hook.audit_rule_init(field, op, rulestr, - &lsmrule[hp->lsmid->slot]); - if (trc == 0) - one_is_good = true; - else - rc = trc; + if (ilsm != LSMBLOB_INVALID && ilsm != hp->lsmid->slot) + continue; + return hp->hook.audit_rule_init(field, op, rulestr, + &lsmrule[hp->lsmid->slot]); } - if (one_is_good) - return 0; - return rc; + return 0; } int security_audit_rule_known(struct audit_krule *krule) @@ -2815,6 +2851,8 @@ int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, continue; if (lsmrule[hp->lsmid->slot] == NULL) continue; + if (lsmrule[hp->lsmid->slot] == NULL) + continue; rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], field, op, &lsmrule[hp->lsmid->slot]); diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 139768a13d11..17391258e896 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c 
@@ -185,7 +185,8 @@ static void smk_netlabel_audit_set(struct netlbl_audit *nap) nap->loginuid = audit_get_loginuid(current); nap->sessionid = audit_get_sessionid(current); - nap->secid = skp->smk_secid; + lsmblob_init(&nap->lsmdata, 0); + nap->lsmdata.secid[smack_lsmid.slot] = skp->smk_secid; } /*
From patchwork Fri Nov 20 20:15:05 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922455 X-Patchwork-Delegate: paul@paul-moore.com
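Review bot: in audit_core_dumps() the context returned by audit_alloc_for_lsm(GFP_KERNEL) is only handed to audit_log_end_local() on the success path; when audit_log_start() returns NULL the function returns before `audit_log_end_local(ab, context)` is ever reached. Unless audit_alloc_for_lsm() is documented to hand back something that needs no release on that path, free it before `if (unlikely(!ab)) return;`. The ima_audit_measurement() hunk has the same shape (`context = audit_alloc_for_lsm(GFP_KERNEL);` followed by `if (!ab) goto out;`) and needs the same treatment.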
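Review bot: netlbl_audit_start_common() stores the result of audit_alloc_for_lsm(GFP_ATOMIC) in audit_info->localcontext and then returns NULL when audit_log_start() fails, but every netlabel caller in this patch only calls audit_log_end_local(audit_buf, audit_info->localcontext) when audit_buf is non-NULL (see netlbl_domhsh_audit_add() and netlbl_unlhsh_add()), so on that path the context is never released. Either release it there or clear localcontext. Two smaller points: the new `} else audit_log_format(audit_buf, " subj=?");` should get braces since the if branch has them, and the commit message should state that the NetLabel record now carries `subj=?` whenever lsm_multiple_contexts() is true.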
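Review bot: the new comment in security_secid_to_secctx() reads "the slot number use for formatting"; make it "used". More substantively, security_secctx_to_secid() now returns -EOPNOTSUPP instead of 0 when no module registered the hook, and the hunk updates no caller; callers that treated a 0 return with an untouched blob as "no label" should be checked, and the changed return value deserves a line in the commit message.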
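Review bot: security_audit_rule_init() now returns the result of the first hook whose slot matches ilsm (or simply the first hook when ilsm is LSMBLOB_INVALID) and falls through to `return 0;` when no hook was called at all. Two consequences need a comment or a commit-message line: with no interface LSM set only one module gets the rule, whereas the removed code initialised every module and succeeded if any one did; and a rule carrying an LSM field is now accepted (0) even when no module handled it, so it can never match. Returning an error in the no-hook case, as security_secctx_to_secid() now does with -EOPNOTSUPP, would keep such rules from being silently dead.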
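Review bot: the added `if (lsmrule[hp->lsmid->slot] == NULL) continue;` in security_audit_rule_match() duplicates the identical check on the context line directly above it; drop the added copy.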
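Review bot: `if (rc < 0 && rc != -EINVAL)` makes security_setprocattr() keep iterating past a module that rejects the value with -EINVAL, but the hunk does not show what is returned once the loop ends. Confirm that a write every module rejects still fails rather than reporting success, and add a comment explaining why -EINVAL specifically is tolerated.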
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v23 21/23] Audit: Add a new record for multiple object LSM attributes
Date: Fri, 20 Nov 2020 12:15:05 -0800
Message-Id: <20201120201507.11993-22-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
References: <20201120201507.11993-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Create a new audit record type to contain the object information when there are multiple security modules that may require such data. This record is linked with the same timestamp and serial number.

An example of the MAC_OBJ_CONTEXTS (1421) record is:

type=UNKNOWN[1421] msg=audit(1601152467.009:1050): obj_selinux=unconfined_u:object_r:user_home_t:s0

Not all security modules that can provide object information do so in all cases. It is possible that a security module won't apply an object attribute in all cases.

Signed-off-by: Casey Schaufler
Cc: linux-audit@redhat.com
To: Paul Moore
---
 include/linux/audit.h | 7 ++++
 include/uapi/linux/audit.h | 1 +
 kernel/audit.c | 53 +++++++++++++++++++++++++++
 kernel/audit.h | 4 +--
 kernel/auditsc.c | 73 +++++++-------------------------------
 5 files changed, 75 insertions(+), 63 deletions(-)

diff --git a/include/linux/audit.h b/include/linux/audit.h
index ad1eda37166f..af9403ba8a8a 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -189,6 +189,8 @@ extern void audit_log_path_denied(int type, extern void audit_log_lost(const char *message); extern int audit_log_task_context(struct audit_buffer *ab); +extern int audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob); extern void audit_log_task_info(struct audit_buffer *ab); extern void audit_log_lsm(struct audit_context *context); @@ -256,6 +258,11 @@ static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; } +static inline int audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob) +{ + return 0; +} static inline void audit_log_task_info(struct audit_buffer *ab) { } static void audit_log_lsm(struct audit_context *context) diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 2a63720e56f6..dbb1dce16962 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -140,6 +140,7 @@ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ #define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM contexts */ +#define AUDIT_MAC_OBJ_CONTEXTS 1421 /* Multiple LSM object contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 554279cb1e20..1257c1787f3c 100644 --- a/kernel/audit.c +++ b/kernel/audit.c 
@@ -2164,6 +2164,59 @@ int audit_log_task_context(struct audit_buffer *ab) } EXPORT_SYMBOL(audit_log_task_context); +int audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob) +{ + int i; + int error; + bool sep = false; + struct lsmcontext lsmdata; + struct audit_buffer *lsmab = NULL; + struct audit_context *context = NULL; + + /* + * If there is more than one security module that has a + * object "context" it's necessary to put the object data + * into a separate record to maintain compatibility. + */ + if (lsm_multiple_contexts()) { + audit_log_format(ab, " obj=?"); + context = ab->ctx; + if (context) + lsmab = audit_log_start(context, GFP_KERNEL, + AUDIT_MAC_OBJ_CONTEXTS); + } + + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (blob->secid[i] == 0) + continue; + error = security_secid_to_secctx(blob, &lsmdata, i); + if (error && error != -EINVAL) { + audit_panic("error in audit_log_object_context"); + return error; + } + + if (context) { + audit_log_format(lsmab, "%sobj_%s=%s", + sep ? " " : "", + security_lsm_slot_name(i), + lsmdata.context); + sep = true; + } else + audit_log_format(ab, " obj=%s", lsmdata.context); + + security_release_secctx(&lsmdata); + if (!context) + break; + } + + if (context) + audit_log_end(lsmab); + + return 0; +} +EXPORT_SYMBOL(audit_log_object_context); + void audit_log_d_path_exe(struct audit_buffer *ab, struct mm_struct *mm) { diff --git a/kernel/audit.h b/kernel/audit.h index 624828a9a7e4..3be4b03e5cb5 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -78,7 +78,7 @@ struct audit_names { kuid_t uid; kgid_t gid; dev_t rdev; - u32 osid; + struct lsmblob oblob; struct audit_cap_data fcap; unsigned int fcap_ver; unsigned char type; /* record type */ @@ -154,7 +154,7 @@ struct audit_context { kuid_t uid; kgid_t gid; umode_t mode; - u32 osid; + struct lsmblob oblob; int has_perm; uid_t perm_uid; gid_t perm_gid; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 44b150432147..c314533dd220 100644 
--- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -688,14 +688,6 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { - /* - * lsmblob_init sets all values in the - * lsmblob to sid. This is temporary - * until name->osid is converted to a - * lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, name->osid); result = security_audit_rule_match( &blob, f->type, @@ -703,7 +695,6 @@ static int audit_filter_rules(struct task_struct *tsk, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { - lsmblob_init(&blob, name->osid); if (security_audit_rule_match( &blob, f->type, @@ -717,8 +708,7 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - lsmblob_init(&blob, ctx->ipc.osid); - if (security_audit_rule_match(&blob, + if (security_audit_rule_match(&ctx->ipc.oblob, f->type, f->op, f->lsm_rules)) ++result; @@ -1027,7 +1017,6 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1037,15 +1026,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " obj=(none)"); - rc = 1; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(blob)) + rc = audit_log_object_context(ab, blob); audit_log_format(ab, " ocomm="); audit_log_untrustedstring(ab, comm); audit_log_end(ab); 
@@ -1272,26 +1254,15 @@ static void show_special(struct audit_context *context, int *call_panic) context->socketcall.args[i]); break; } case AUDIT_IPC: { - u32 osid = context->ipc.osid; + struct lsmblob *oblob = &context->ipc.oblob; audit_log_format(ab, "ouid=%u ogid=%u mode=%#ho", from_kuid(&init_user_ns, context->ipc.uid), from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); - if (osid) { - struct lsmcontext lsmcxt; - struct lsmblob blob; - - lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt, - LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", osid); - *call_panic = 1; - } else { - audit_log_format(ab, " obj=%s", lsmcxt.context); - security_release_secctx(&lsmcxt); - } - } + if (lsmblob_is_set(oblob) && + audit_log_object_context(ab, oblob)) + *call_panic = 1; if (context->ipc.has_perm) { audit_log_end(ab); ab = audit_log_start(context, GFP_KERNEL, @@ -1431,20 +1402,9 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (n->osid != 0) { - struct lsmblob blob; - struct lsmcontext lsmctx; - - lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", n->osid); - if (call_panic) - *call_panic = 2; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(&n->oblob) && + audit_log_object_context(ab, &n->oblob) && call_panic) + *call_panic = 2; /* log the audit_names record type */ switch (n->type) { 
@@ -2047,17 +2007,13 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { - struct lsmblob blob; - name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &blob); - /* scaffolding until osid is updated */ - name->osid = blob.secid[0]; + security_inode_getsecid(inode, &name->oblob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; 
@@ -2403,16 +2359,11 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) void __audit_ipc_obj(struct kern_ipc_perm *ipcp) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->ipc.uid = ipcp->uid; context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; context->ipc.has_perm = 0; - security_ipc_getsecid(ipcp, &blob); - /* context->ipc.osid will be changed to a lsmblob later in * the patch series. This will allow auditing of all the object * labels associated with the ipc object. */ - context->ipc.osid = lsmblob_value(&blob); + security_ipc_getsecid(ipcp, &context->ipc.oblob); context->type = AUDIT_IPC; }
From patchwork Fri Nov 20 20:15:06 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922457 X-Patchwork-Delegate: paul@paul-moore.com
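Review bot: audit_log_object_context() writes `" obj=?"` as soon as lsm_multiple_contexts() is true, before it knows whether ab->ctx is set; when ab->ctx is NULL, `context` stays NULL and the loop takes the else branch, appending `" obj=%s"` to the same record, so that record ends up with both fields. Move the `" obj=?"` write inside `if (context)` or decide explicitly what the no-context case should emit. Separately, when security_secid_to_secctx() returns -EINVAL the code falls through and formats lsmdata.context from a conversion that did not succeed; `continue` there instead. A kernel-doc comment stating the return contract (0, or the negative error from the conversion) would also help, since the callers below treat the value differently.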
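Review bot: in audit_filter_rules() the two `lsmblob_init(&blob, name->osid);` lines are removed but the security_audit_rule_match() calls that follow still pass `&blob`, so the file-name checks now match against whatever `blob` last held rather than the object's label. The IPC branch in the same hunk was converted to `&ctx->ipc.oblob`; the name branches need the same conversion, `&name->oblob` in the `if (name)` case and `&n->oblob` inside the names_list loop.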
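Review bot: audit_log_pid_context() previously set `rc = 1` when the object context could not be formatted and still wrote `" obj=(none)"`; it now propagates the negative error from audit_log_object_context() and writes nothing for the object on failure. If the caller only tests rc for non-zero this is harmless, but the changed value and the dropped "(none)" marker should be stated in the commit message.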
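Review bot: audit_log_object_context() already calls audit_panic() when the conversion fails, and the show_special() and audit_log_name() hunks then set *call_panic (1 and 2 respectively) on that same non-zero return, so a single failure goes through the panic handling twice. Pick one place for it: either have audit_log_object_context() only return the error and keep the callers' *call_panic assignments, or drop those assignments. Note also that the removed `" osid=%u"` fallback is gone, so a record whose object label could not be converted no longer carries anything identifying that label.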
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v23 22/23] LSM: Add /proc attr entry for full LSM context Date: Fri, 20 Nov 2020 12:15:06 -0800 Message-Id: <20201120201507.11993-23-casey@schaufler-ca.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add an entry /proc/.../attr/context which displays the full process security "context" in compound format: lsm1\0value\0lsm2\0value\0... This entry is not writable. A security module may decide that its policy does not allow this information to be displayed. In this case none of the information will be displayed. Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: linux-api@vger.kernel.org Cc: linux-doc@vger.kernel.org --- Documentation/ABI/testing/procfs-attr-context | 14 ++++ Documentation/security/lsm.rst | 14 ++++ fs/proc/base.c | 1 + include/linux/lsm_hooks.h | 6 ++ security/apparmor/include/procattr.h | 2 +- security/apparmor/lsm.c | 8 +- security/apparmor/procattr.c | 22 +++--- security/security.c | 79 +++++++++++++++++++ security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 2 +- 10 files changed, 135 insertions(+), 15 deletions(-) create mode 100644 Documentation/ABI/testing/procfs-attr-context diff --git a/Documentation/ABI/testing/procfs-attr-context b/Documentation/ABI/testing/procfs-attr-context new file mode 100644 index 000000000000..4c0462136aac --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-context 
@@ -0,0 +1,14 @@ +What: /proc/*/attr/context +Contact: linux-security-module@vger.kernel.org, +Description: The current security information used by all Linux + security module (LSMs) that are active on the system. + The details of permissions required to read from + this interface and hence obtain the security state + of the task identified is dependent on the LSMs that + are active on the system. + A process cannot write to this interface. + The data provided by this interface will have the form: + lsm_name\0lsm_data\0[lsm_name\0lsm_data\0]... + where lsm_name is the name of the LSM and the following + lsm_data is the process data for that LSM. +Users: LSM user-space diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index b77b4a540391..070225ae6ceb 100644 --- a/Documentation/security/lsm.rst +++ b/Documentation/security/lsm.rst @@ -143,3 +143,17 @@ separated list of the active security modules. The file ``/proc/pid/attr/interface_lsm`` contains the name of the security module for which the ``/proc/pid/attr/current`` interface will apply. This interface can be written to. + +The infrastructure does provide an interface for the special +case where multiple security modules provide a process context. +This is provided in compound context format. + +- `lsm\0value\0lsm\0value\0` + +The `lsm` and `value` fields are NUL-terminated bytestrings. +Each field may contain whitespace or non-printable characters. +The NUL bytes are included in the size of a compound context. +The context ``Bell\0Secret\0Biba\0Loose\0`` has a size of 23. + +The file ``/proc/pid/attr/context`` provides the security +context of the identified process. diff --git a/fs/proc/base.c b/fs/proc/base.c index 214a0503589d..e8b079d15194 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c 
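Review bot: the new Documentation/ABI/testing/procfs-attr-context entry has a stray trailing comma after the Contact address and the grammar slip "all Linux security module (LSMs)" (should be "modules"); more substantively, it never says what size a read returns, so state that the length counts every NUL byte including the one after the last value, which is what the security.c hunk's `finallen` does and what the 23-byte ``Bell\0Secret\0Biba\0Loose\0`` example in lsm.rst relies on.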
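Review bot: in the lsm.rst hunk the format line `lsm\0value\0lsm\0value\0` is wrapped in single backticks while every other literal in the file uses double backticks; in reStructuredText single backticks are interpreted text, so it renders differently and the backslash sequences may be altered; use ``...`` as the ``Bell\0Secret\0Biba\0Loose\0`` line two paragraphs below already does. The opening sentence ("for the special case where multiple security modules provide a process context") also suggests the file only exists when several modules are active, whereas the security_getprocattr hunk returns a single pair when just one module answers and -EINVAL only when none does; say that the file is always present and lists whichever modules respond.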
@@ -2809,6 +2809,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), ATTR(NULL, "interface_lsm", 0666), + ATTR(NULL, "context", 0444), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index e19393b2b8b7..32a266d22c0c 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1372,6 +1372,12 @@ * @pages contains the number of pages. * Return 0 if permission is granted. * + * @getprocattr: + * Provide the named process attribute for display in special files in + * the /proc/.../attr directory. Attribute naming and the data displayed + * is at the discretion of the security modules. The exception is the + * "context" attribute, which will contain the security context of the + * task as a nul terminated text string without trailing whitespace. * @ismaclabel: * Check if the extended attribute specified by @name * represents a MAC label. Returns 1 if name is a MAC diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h index 31689437e0e1..03dbfdb2f2c0 100644 --- a/security/apparmor/include/procattr.h +++ b/security/apparmor/include/procattr.h @@ -11,7 +11,7 @@ #ifndef __AA_PROCATTR_H #define __AA_PROCATTR_H -int aa_getprocattr(struct aa_label *label, char **string); +int aa_getprocattr(struct aa_label *label, char **string, bool newline); int aa_setprocattr_changehat(char *args, size_t size, int flags); #endif /* __AA_PROCATTR_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 0ef5d0b2dbdb..36be7bdc917b 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
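Review bot: the new @getprocattr kernel-doc in include/linux/lsm_hooks.h says the "context" attribute is returned "as a nul terminated text string", but the append_ctx() hunk in security.c explicitly copes with modules that do not NUL-terminate ("there are modules that do it each way"); both cannot be the contract. Either require termination here and fix the non-conforming module, or document that the hook returns the byte length and that a trailing NUL is optional, which is what the infrastructure actually assumes. The added block is also missing the blank ` *` separator line before `@ismaclabel:` that the neighbouring entries use.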
@@ -593,6 +593,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, const struct cred *cred = get_task_cred(task); struct aa_task_ctx *ctx = task_ctx(current); struct aa_label *label = NULL; + bool newline = true; if (strcmp(name, "current") == 0) label = aa_get_newest_label(cred_label(cred)); @@ -600,11 +601,14 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, label = aa_get_newest_label(ctx->previous); else if (strcmp(name, "exec") == 0 && ctx->onexec) label = aa_get_newest_label(ctx->onexec); - else + else if (strcmp(name, "context") == 0) { + label = aa_get_newest_label(cred_label(cred)); + newline = false; + } else error = -EINVAL; if (label) - error = aa_getprocattr(label, value); + error = aa_getprocattr(label, value, newline); aa_put_label(label); put_cred(cred); diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index c929bf4a3df1..be3b083d9b74 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -20,6 +20,7 @@ * aa_getprocattr - Return the profile information for @profile * @profile: the profile to print profile info about (NOT NULL) * @string: Returns - string containing the profile info (NOT NULL) + * @newline: Should a newline be added to @string. * * Returns: length of @string on success else error on failure * 
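Review bot: in apparmor_getprocattr the new "context" branch repeats the "current" lookup (`aa_get_newest_label(cred_label(cred))`) only to clear `newline`; folding both names into the first test, `if (!strcmp(name, "current") || !strcmp(name, "context"))`, with `newline = strcmp(name, "context") != 0` keeps a single label path, the way the SELinux and Smack hunks in this patch treat the two names. The @newline kernel-doc in procattr.c should also say that the returned length changes with the flag (with the newline it is included in the count, without it the bare label length is returned), since callers size buffers from that value.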
@@ -30,20 +31,21 @@ * * Returns: size of string placed in @string else error code on failure */ -int aa_getprocattr(struct aa_label *label, char **string) +int aa_getprocattr(struct aa_label *label, char **string, bool newline) { struct aa_ns *ns = labels_ns(label); struct aa_ns *current_ns = aa_get_current_ns(); + int flags = FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED; int len; if (!aa_ns_visible(current_ns, ns, true)) { aa_put_ns(current_ns); return -EACCES; } + if (newline) + flags |= FLAG_SHOW_MODE; - len = aa_label_snxprint(NULL, 0, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(NULL, 0, current_ns, label, flags); AA_BUG(len < 0); *string = kmalloc(len + 2, GFP_KERNEL); @@ -52,19 +54,19 @@ int aa_getprocattr(struct aa_label *label, char **string) return -ENOMEM; } - len = aa_label_snxprint(*string, len + 2, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(*string, len + 2, current_ns, label, flags); if (len < 0) { aa_put_ns(current_ns); return len; } - (*string)[len] = '\n'; - (*string)[len + 1] = 0; + if (newline) { + (*string)[len] = '\n'; + (*string)[++len] = 0; + } aa_put_ns(current_ns); - return len + 1; + return len; } /** diff --git a/security/security.c b/security/security.c index cef9c20ce0aa..e33c8ccc06a0 100644 --- a/security/security.c +++ b/security/security.c 
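Review bot: dropping FLAG_SHOW_MODE when `newline` is false means the value AppArmor contributes to the compound context is the label only, without the mode suffix that FLAG_SHOW_MODE adds to /proc/pid/attr/current, so a reader comparing the two files sees different strings for the same task; if that is intended (mode is not part of the label) say so in the commit message or the @newline doc. The length bookkeeping is right: `(*string)[++len] = 0; return len;` equals the old `return len + 1` on the newline path, and on the other path the `len + 2` allocation still leaves room for the terminator the snprintf-style aa_label_snxprint writes while `len` reports the label length alone.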
@@ -757,6 +757,57 @@ static void __init lsm_early_task(struct task_struct *task) panic("%s: Early task alloc failed.\n", __func__); } +/** + * append_ctx - append a lsm/context pair to a compound context + * @ctx: the existing compound context + * @ctxlen: size of the old context, including terminating nul byte + * @lsm: new lsm name, nul terminated + * @new: new context, possibly nul terminated + * @newlen: maximum size of @new + * + * replace @ctx with a new compound context, appending @newlsm and @new + * to @ctx. On exit the new data replaces the old, which is freed. + * @ctxlen is set to the new size, which includes a trailing nul byte. + * + * Returns 0 on success, -ENOMEM if no memory is available. + */ +static int append_ctx(char **ctx, int *ctxlen, const char *lsm, char *new, + int newlen) +{ + char *final; + size_t llen; + size_t nlen; + size_t flen; + + llen = strlen(lsm) + 1; + /* + * A security module may or may not provide a trailing nul on + * when returning a security context. There is no definition + * of which it should be, and there are modules that do it + * each way. + */ + nlen = strnlen(new, newlen); + + flen = *ctxlen + llen + nlen + 1; + final = kzalloc(flen, GFP_KERNEL); + + if (final == NULL) + return -ENOMEM; + + if (*ctxlen) + memcpy(final, *ctx, *ctxlen); + + memcpy(final + *ctxlen, lsm, llen); + memcpy(final + *ctxlen + llen, new, nlen); + + kfree(*ctx); + + *ctx = final; + *ctxlen = flen; + + return 0; +} + /* * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and * can be accessed with: @@ -2142,6 +2193,10 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + char *final = NULL; + char *cp; + int rc = 0; + int finallen = 0; int ilsm = lsm_task_ilsm(current); int slot = 0; 
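Review bot: the append_ctx() kernel-doc describes a parameter @newlsm that does not exist (the argument is `lsm`), which scripts/kernel-doc will flag as an excess parameter and a missing description for `lsm`; rename it. The body is sound: `flen = *ctxlen + llen + nlen + 1` reserves the NUL after the value and kzalloc supplies it, `*ctxlen` already includes the previous pair's terminator, and `kfree(*ctx)` is safe on the first call because `final` starts out NULL in security_getprocattr. Two smaller points: `*ctxlen` is an int while `llen`, `nlen` and `flen` are size_t, so `*ctxlen = flen` narrows silently; and "a lsm/context pair" and "appending @newlsm and @new to @ctx. On exit" read better as "an lsm/context pair" and "appending @lsm and @new to @ctx; on exit".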
@@ -2169,6 +2224,30 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, return -ENOMEM; } + if (!strcmp(name, "context")) { + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, + list) { + rc = hp->hook.getprocattr(p, "context", &cp); + if (rc == -EINVAL) + continue; + if (rc < 0) { + kfree(final); + return rc; + } + rc = append_ctx(&final, &finallen, hp->lsmid->lsm, + cp, rc); + kfree(cp); + if (rc < 0) { + kfree(final); + return rc; + } + } + if (final == NULL) + return -EINVAL; + *value = final; + return finallen; + } + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c670eb0a9515..5fd738c73449 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6292,7 +6292,7 @@ static int selinux_getprocattr(struct task_struct *p, goto bad; } - if (!strcmp(name, "current")) + if (!strcmp(name, "current") || !strcmp(name, "context")) sid = __tsec->sid; else if (!strcmp(name, "prev")) sid = __tsec->osid; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 06629441b663..8da72353e94e 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
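Review bot: in the "context" loop of security_getprocattr a hook returning 0 (an empty value) is accepted and appended as `lsm\0\0`, a hook returning -EINVAL is skipped, and any other error aborts the whole read; the last two match the commit message ("none of the information will be displayed"), but the empty-value case should be stated in lsm.rst, since userspace cannot tell it from "unlabelled". This path also ignores the `lsm` argument, so /proc/pid/attr/context reports every responding module regardless of interface_lsm; that is sensible, but document it next to the interface_lsm paragraph the lsm.rst hunk extends.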
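Review bot: the selinux_getprocattr change maps "context" onto `__tsec->sid` exactly like "current", so whatever check precedes it (the `goto bad` path visible just above the change) now gates both names; that is the behaviour the commit message wants, because a denial here is propagated by security_getprocattr as the first negative rc other than -EINVAL and withholds the whole compound context rather than just the SELinux pair. Worth a sentence in the commit message, since the visible effect is that one module's policy hides the other modules' labels too.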
@@ -3478,7 +3478,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) char *cp; int slen; - if (strcmp(name, "current") != 0) + if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0) return -EINVAL; cp = kstrdup(skp->smk_known, GFP_KERNEL); From patchwork Fri Nov 20 20:15:07 2020 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 11922459 X-Patchwork-Delegate: paul@paul-moore.com
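Review bot: smack_getprocattr applies no Smack-side check before `kstrdup(skp->smk_known, GFP_KERNEL)` for either name, so through the new 0444 "context" entry in fs/proc/base.c any user can read any task's Smack label; that is the same exposure the existing 0666 "current" entry already has, so it is not a regression, but the ABI text's "permissions required to read from this interface ... is dependent on the LSMs that are active" should spell out that Smack imposes none, so that distributions relying on the file's contents being private know where the gate actually is (SELinux's attr check, or nothing).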
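The compound context format from the commit message and the lsm.rst hunk, as an added user-space model that is not the patch's code: compound_append() mirrors the append_ctx() handling of values that may or may not carry a trailing NUL, and compound_parse() reads a /proc/pid/attr/context buffer back, rejecting a short read or an odd field count. Function and type names are mine.

```c
/* Added example, not kernel code: a user-space model of the compound
 * context "lsm\0value\0lsm\0value\0" from the commit message and lsm.rst.
 * compound_append() mirrors what the append_ctx() hunk does with values
 * that may or may not end in a NUL; compound_parse() reads the buffer back.
 * All names here are my own. */
#include <stdlib.h>
#include <string.h>

struct ctx_pair { const char *lsm; const char *value; };

/* strnlen() stand-in so the example also builds with strict -std=c99. */
static size_t bounded_len(const char *s, size_t max)
{
	size_t i = 0;
	while (i < max && s[i] != '\0')
		i++;
	return i;
}

/* Append one pair to *ctx (size *ctxlen, counting the NUL after the last
 * value; NULL/0 when empty). 'value' is at most 'valuelen' bytes and may
 * or may not carry its own NUL. Returns 0, or -1 if allocation fails. */
static int compound_append(char **ctx, size_t *ctxlen, const char *lsm,
			   const char *value, size_t valuelen)
{
	size_t llen = strlen(lsm) + 1;              /* name and its NUL */
	size_t nlen = bounded_len(value, valuelen); /* value without NUL */
	size_t flen = *ctxlen + llen + nlen + 1;    /* +1: NUL after value */
	char *final = calloc(1, flen);              /* zeroed: supplies it */
	if (final == NULL)
		return -1;
	if (*ctxlen)
		memcpy(final, *ctx, *ctxlen);
	memcpy(final + *ctxlen, lsm, llen);
	memcpy(final + *ctxlen + llen, value, nlen);
	free(*ctx);
	*ctx = final;
	*ctxlen = flen;
	return 0;
}

/* Split a 'len'-byte compound context into up to 'max' pairs. Returns the
 * pair count, or -1 if the buffer is malformed: no trailing NUL (a short
 * read), an empty lsm name, or a name with no value after it. */
static int compound_parse(const char *buf, size_t len,
			  struct ctx_pair *out, size_t max)
{
	size_t pos = 0, n = 0;

	if (len == 0 || buf[len - 1] != '\0')
		return -1;
	while (pos < len) {
		const char *lsm = buf + pos, *value;
		if (*lsm == '\0')
			return -1;
		pos += strlen(lsm) + 1;   /* safe: buffer ends in NUL */
		if (pos >= len)
			return -1;        /* name without a value */
		value = buf + pos;
		pos += strlen(value) + 1; /* an empty value is legal */
		if (n < max) {
			out[n].lsm = lsm;
			out[n].value = value;
		}
		n++;
	}
	return (int)n;
}

/* Build the lsm.rst example "Bell\0Secret\0Biba\0Loose\0": the first value
 * arrives with its NUL (7 bytes), the second without (5 bytes), and both
 * must land the same way. Returns the size (lsm.rst says 23) or 0. */
static size_t build_doc_example(char **ctx)
{
	size_t len = 0;
	*ctx = NULL;
	if (compound_append(ctx, &len, "Bell", "Secret\0", 7) != 0 ||
	    compound_append(ctx, &len, "Biba", "Loose", 5) != 0) {
		free(*ctx);
		*ctx = NULL;
		return 0;
	}
	return len;
}
```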
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v23 23/23] AppArmor: Remove the exclusive flag Date: Fri, 20 Nov 2020 12:15:07 -0800 Message-Id: <20201120201507.11993-24-casey@schaufler-ca.com> In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com> References: <20201120201507.11993-1-casey@schaufler-ca.com> With the inclusion of the interface LSM process attribute mechanism AppArmor no longer needs to be treated as an "exclusive" security module. Remove the flag that indicates it is exclusive. Remove the stub getpeersec_dgram AppArmor hook as it has no effect in the single LSM case and interferes in the multiple LSM case. Acked-by: Stephen Smalley Acked-by: John Johansen Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler --- security/apparmor/lsm.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 36be7bdc917b..29e8bbdba37c 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1129,22 +1129,6 @@ static int apparmor_socket_getpeersec_stream(struct socket *sock, return error; } -/** - * apparmor_socket_getpeersec_dgram - get security label of packet - * @sock: the peer socket - * @skb: packet data - * @secid: pointer to where to put the secid of the packet - * - * Sets the netlabel socket state on sk from parent - */ -static int apparmor_socket_getpeersec_dgram(struct socket *sock, - struct sk_buff *skb, u32 *secid) - -{ - /* TODO: requires secid support */ - return -ENOPROTOOPT; -} - /** * apparmor_sock_graft - Initialize newly created socket * @sk: child sock @@ -1248,8 +1232,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { #endif LSM_HOOK_INIT(socket_getpeersec_stream, apparmor_socket_getpeersec_stream), - LSM_HOOK_INIT(socket_getpeersec_dgram, - apparmor_socket_getpeersec_dgram), LSM_HOOK_INIT(sock_graft, apparmor_sock_graft), #ifdef CONFIG_NETWORK_SECMARK LSM_HOOK_INIT(inet_conn_request, apparmor_inet_conn_request), @@ -1918,7 +1900,7 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", - .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, + .flags = LSM_FLAG_LEGACY_MAJOR, .enabled = &apparmor_enabled, .blobs = &apparmor_blob_sizes, .init = apparmor_init,
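Review bot: removing the apparmor_socket_getpeersec_dgram stub is the right call for stacking: a hook that unconditionally returns -ENOPROTOOPT is the first non-zero result in the socket_getpeersec_dgram hook walk and masks whatever another module reports, which is the "interferes in the multiple LSM case" the commit message describes; with it gone the infrastructure default for that hook applies. Worth a sweep for any other AppArmor hook that still returns a blanket error for functionality it does not implement, since each one has the same masking effect once the module is no longer alone.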
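Review bot: dropping LSM_FLAG_EXCLUSIVE while keeping LSM_FLAG_LEGACY_MAJOR means AppArmor still takes the legacy-major ordering slot but can now be enabled beside another major module; since the exclusive flag was the only thing that used to refuse such an lsm= list at boot, the commit message should say which combinations were exercised (at least apparmor with selinux and with smack) and that the /proc/pid/attr/context output from the previous patch was checked in each.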