From patchwork Tue Mar 9 14:42:19 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12125499
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v25 01/25] LSM: Infrastructure management of the sock security
Date: Tue, 9 Mar 2021 06:42:19 -0800
Message-Id: <20210309144243.12519-2-casey@schaufler-ca.com>
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
X-Mailing-List: selinux@vger.kernel.org

Move management of the sock->sk_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules, the modules tell the infrastructure how much space is required, and the space is allocated there.

Acked-by: Paul Moore
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
---
 include/linux/lsm_hooks.h         |  1 +
 security/apparmor/include/net.h   |  6 ++-
 security/apparmor/lsm.c           | 38 ++++-----------
 security/security.c               | 36 +++++++++++++-
 security/selinux/hooks.c          | 78 +++++++++++++++----------------
 security/selinux/include/objsec.h |  5 ++
 security/selinux/netlabel.c       | 23 ++++-----
 security/smack/smack.h            |  5 ++
 security/smack/smack_lsm.c        | 66 ++++++++++++--------------
 security/smack/smack_netfilter.c  |  8 ++--
 10 files changed, 145 insertions(+), 121 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index fb7f3193753d..00d155d32ff3 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -1573,6 +1573,7 @@ struct lsm_blob_sizes { int lbs_cred; int lbs_file; int lbs_inode; + int lbs_sock; int lbs_ipc; int lbs_msg_msg; int lbs_task; diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h index aadb4b29fb66..fac8999ba7a3 100644 --- a/security/apparmor/include/net.h +++ b/security/apparmor/include/net.h @@ -51,7 +51,11 @@ struct aa_sk_ctx { struct aa_label *peer; }; -#define SK_CTX(X) ((X)->sk_security) +static inline struct aa_sk_ctx *aa_sock(const struct sock *sk) +{ + return sk->sk_security + apparmor_blob_sizes.lbs_sock; +} + #define SOCK_ctx(X) SOCK_INODE(X)->i_security #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \ struct lsm_network_audit NAME ## _net = { .sk = (SK), \ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 240a53387e6b..028b5a5c4468 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -775,33 +775,15 @@ static int apparmor_task_kill(struct task_struct *target, struct kernel_siginfo return error; } -/** - * apparmor_sk_alloc_security - allocate and attach the sk_security field - */ -static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags) -{ - struct aa_sk_ctx *ctx; - - ctx = kzalloc(sizeof(*ctx), flags); - if (!ctx) - return -ENOMEM; - - SK_CTX(sk) = ctx; - - return 0; -} - /** * apparmor_sk_free_security - free the sk_security field */ static void apparmor_sk_free_security(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); - SK_CTX(sk) = NULL; aa_put_label(ctx->label); aa_put_label(ctx->peer); - kfree(ctx); } /** @@ -810,8 +792,8 @@ static void apparmor_sk_free_security(struct sock *sk) static void apparmor_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); - struct aa_sk_ctx *new = SK_CTX(newsk); + struct aa_sk_ctx *ctx = aa_sock(sk); + struct aa_sk_ctx *new = aa_sock(newsk); if (new->label) aa_put_label(new->label); 
@@ -867,7 +849,7 @@ static int apparmor_socket_post_create(struct socket *sock, int family, label = aa_get_current_label(); if (sock->sk) { - struct aa_sk_ctx *ctx = SK_CTX(sock->sk); + struct aa_sk_ctx *ctx = aa_sock(sock->sk); aa_put_label(ctx->label); ctx->label = aa_get_label(label); @@ -1052,7 +1034,7 @@ static int apparmor_socket_shutdown(struct socket *sock, int how) */ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1065,7 +1047,7 @@ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) static struct aa_label *sk_peer_label(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (ctx->peer) return ctx->peer; @@ -1149,7 +1131,7 @@ static int apparmor_socket_getpeersec_dgram(struct socket *sock, */ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!ctx->label) ctx->label = aa_get_current_label(); @@ -1159,7 +1141,7 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1176,6 +1158,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct aa_task_ctx *), .lbs_file = sizeof(struct aa_file_ctx), .lbs_task = sizeof(struct aa_task_ctx), + .lbs_sock = sizeof(struct aa_sk_ctx), }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { 
@@ -1212,7 +1195,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(getprocattr, apparmor_getprocattr), LSM_HOOK_INIT(setprocattr, apparmor_setprocattr), - LSM_HOOK_INIT(sk_alloc_security, apparmor_sk_alloc_security), LSM_HOOK_INIT(sk_free_security, apparmor_sk_free_security), LSM_HOOK_INIT(sk_clone_security, apparmor_sk_clone_security), @@ -1763,7 +1745,7 @@ static unsigned int apparmor_ip_postroute(void *priv, if (sk == NULL) return NF_ACCEPT; - ctx = SK_CTX(sk); + ctx = aa_sock(sk); if (!apparmor_secmark_check(ctx->label, OP_SENDMSG, AA_MAY_SEND, skb->secmark, sk)) return NF_ACCEPT; diff --git a/security/security.c b/security/security.c index 5ac96b16f8fa..59e1509c76d9 100644 --- a/security/security.c +++ b/security/security.c @@ -29,6 +29,7 @@ #include #include #include +#include #define MAX_LSM_EVM_XATTR 2 @@ -203,6 +204,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); + lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); } @@ -338,6 +340,7 @@ static void __init ordered_lsm_init(void) init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); + init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); /* 
@@ -656,6 +659,28 @@ static int lsm_msg_msg_alloc(struct msg_msg *mp) return 0; } +/** + * lsm_sock_alloc - allocate a composite sock blob + * @sock: the sock that needs a blob + * @priority: allocation mode + * + * Allocate the sock blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +static int lsm_sock_alloc(struct sock *sock, gfp_t priority) +{ + if (blob_sizes.lbs_sock == 0) { + sock->sk_security = NULL; + return 0; + } + + sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority); + if (sock->sk_security == NULL) + return -ENOMEM; + return 0; +} + /** * lsm_early_task - during initialization allocate a composite task blob * @task: the task that needs a blob @@ -2207,12 +2232,21 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram); int security_sk_alloc(struct sock *sk, int family, gfp_t priority) { - return call_int_hook(sk_alloc_security, 0, sk, family, priority); + int rc = lsm_sock_alloc(sk, priority); + + if (unlikely(rc)) + return rc; + rc = call_int_hook(sk_alloc_security, 0, sk, family, priority); + if (unlikely(rc)) + security_sk_free(sk); + return rc; } void security_sk_free(struct sock *sk) { call_void_hook(sk_free_security, sk); + kfree(sk->sk_security); + sk->sk_security = NULL; } void security_sk_clone(const struct sock *sk, struct sock *newsk) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ddd097790d47..57b8a07bef96 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4576,7 +4576,7 @@ static int socket_sockcreate_sid(const struct task_security_struct *tsec, static int sock_has_perm(struct sock *sk, u32 perms) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; 
@@ -4633,7 +4633,7 @@ static int selinux_socket_post_create(struct socket *sock, int family, isec->initialized = LABEL_INITIALIZED; if (sock->sk) { - sksec = sock->sk->sk_security; + sksec = selinux_sock(sock->sk); sksec->sclass = sclass; sksec->sid = sid; /* Allows detection of the first association on this socket */ @@ -4649,8 +4649,8 @@ static int selinux_socket_post_create(struct socket *sock, int family, static int selinux_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct sk_security_struct *sksec_a = socka->sk->sk_security; - struct sk_security_struct *sksec_b = sockb->sk->sk_security; + struct sk_security_struct *sksec_a = selinux_sock(socka->sk); + struct sk_security_struct *sksec_b = selinux_sock(sockb->sk); sksec_a->peer_sid = sksec_b->sid; sksec_b->peer_sid = sksec_a->sid; @@ -4665,7 +4665,7 @@ static int selinux_socket_socketpair(struct socket *socka, static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family; int err; @@ -4800,7 +4800,7 @@ static int selinux_socket_connect_helper(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; err = sock_has_perm(sk, SOCKET__CONNECT); 
@@ -4979,9 +4979,9 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) { - struct sk_security_struct *sksec_sock = sock->sk_security; - struct sk_security_struct *sksec_other = other->sk_security; - struct sk_security_struct *sksec_new = newsk->sk_security; + struct sk_security_struct *sksec_sock = selinux_sock(sock); + struct sk_security_struct *sksec_other = selinux_sock(other); + struct sk_security_struct *sksec_new = selinux_sock(newsk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; int err; @@ -5013,8 +5013,8 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, static int selinux_socket_unix_may_send(struct socket *sock, struct socket *other) { - struct sk_security_struct *ssec = sock->sk->sk_security; - struct sk_security_struct *osec = other->sk->sk_security; + struct sk_security_struct *ssec = selinux_sock(sock->sk); + struct sk_security_struct *osec = selinux_sock(other->sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -5056,7 +5056,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, u16 family) { int err = 0; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u32 sk_sid = sksec->sid; struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -5089,7 +5089,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { int err; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family = sk->sk_family; u32 sk_sid = sksec->sid; struct common_audit_data ad; 
@@ -5157,13 +5157,15 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; } -static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval, - int __user *optlen, unsigned len) +static int selinux_socket_getpeersec_stream(struct socket *sock, + char __user *optval, + int __user *optlen, + unsigned int len) { int err = 0; char *scontext; u32 scontext_len; - struct sk_security_struct *sksec = sock->sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sock->sk); u32 peer_sid = SECSID_NULL; if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET || @@ -5223,34 +5225,27 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) { - struct sk_security_struct *sksec; - - sksec = kzalloc(sizeof(*sksec), priority); - if (!sksec) - return -ENOMEM; + struct sk_security_struct *sksec = selinux_sock(sk); sksec->peer_sid = SECINITSID_UNLABELED; sksec->sid = SECINITSID_UNLABELED; sksec->sclass = SECCLASS_SOCKET; selinux_netlbl_sk_security_reset(sksec); - sk->sk_security = sksec; return 0; } static void selinux_sk_free_security(struct sock *sk) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); - sk->sk_security = NULL; selinux_netlbl_sk_security_free(sksec); - kfree(sksec); } static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = sksec->sid; newsksec->peer_sid = sksec->peer_sid; 
@@ -5264,7 +5259,7 @@ static void selinux_sk_getsecid(struct sock *sk, u32 *secid) if (!sk) *secid = SECINITSID_ANY_SOCKET; else { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); *secid = sksec->sid; } @@ -5274,7 +5269,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent) { struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(parent)); - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || sk->sk_family == PF_UNIX) @@ -5289,7 +5284,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent) static int selinux_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb) { - struct sk_security_struct *sksec = ep->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(ep->base.sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; u8 peerlbl_active; @@ -5440,8 +5435,8 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname, static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); /* If policy does not support SECCLASS_SCTP_SOCKET then call * the non-sctp clone version. @@ -5458,7 +5453,7 @@ static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; u16 family = req->rsk_ops->family; u32 connsid; 
@@ -5479,7 +5474,7 @@ static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb, static void selinux_inet_csk_clone(struct sock *newsk, const struct request_sock *req) { - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = req->secid; newsksec->peer_sid = req->peer_secid; @@ -5496,7 +5491,7 @@ static void selinux_inet_csk_clone(struct sock *newsk, static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) { u16 family = sk->sk_family; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* handle mapped IPv4 packets arriving via IPv6 sockets */ if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) @@ -5580,7 +5575,7 @@ static int selinux_tun_dev_attach_queue(void *security) static int selinux_tun_dev_attach(struct sock *sk, void *security) { struct tun_security_struct *tunsec = security; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* we don't currently perform any NetLabel based labeling here and it * isn't clear that we would want to do so anyway; while we could apply @@ -5724,7 +5719,7 @@ static unsigned int selinux_ip_output(struct sk_buff *skb, return NF_ACCEPT; /* standard practice, label using the parent socket */ - sksec = sk->sk_security; + sksec = selinux_sock(sk); sid = sksec->sid; } else sid = SECINITSID_KERNEL; @@ -5763,7 +5758,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, if (sk == NULL) return NF_ACCEPT; - sksec = sk->sk_security; + sksec = selinux_sock(sk); ad.type = LSM_AUDIT_DATA_NET; ad.u.net = &net; 
@@ -5855,7 +5850,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, u32 skb_sid; struct sk_security_struct *sksec; - sksec = sk->sk_security; + sksec = selinux_sock(sk); if (selinux_skb_peerlbl_sid(skb, family, &skb_sid)) return NF_DROP; /* At this point, if the returned skb peerlbl is SECSID_NULL @@ -5884,7 +5879,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, } else { /* Locally generated packet, fetch the security label from the * associated socket. */ - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); peer_sid = sksec->sid; secmark_perm = PACKET__SEND; } @@ -5949,7 +5944,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) unsigned int data_len = skb->len; unsigned char *data = skb->data; struct nlmsghdr *nlh; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 sclass = sksec->sclass; u32 perm; @@ -6975,6 +6970,7 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_security_struct), .lbs_ipc = sizeof(struct ipc_security_struct), .lbs_msg_msg = sizeof(struct msg_security_struct), + .lbs_sock = sizeof(struct sk_security_struct), }; #ifdef CONFIG_PERF_EVENTS diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index ca4d7ab6a835..598919af5680 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -188,4 +188,9 @@ static inline u32 current_sid(void) return tsec->sid; } +static inline struct sk_security_struct *selinux_sock(const struct sock *sock) +{ + return sock->sk_security + selinux_blob_sizes.lbs_sock; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index abaab7683840..6a94b31b5472 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c 
@@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -67,7 +68,7 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb, static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (sksec->nlbl_secattr != NULL) @@ -100,7 +101,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( const struct sock *sk, u32 sid) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr = sksec->nlbl_secattr; if (secattr == NULL) @@ -235,7 +236,7 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, * being labeled by it's parent socket, if it is just exit */ sk = skb_to_full_sk(skb); if (sk != NULL) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB) return 0; @@ -273,7 +274,7 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep, { int rc; struct netlbl_lsm_secattr secattr; - struct sk_security_struct *sksec = ep->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(ep->base.sk); struct sockaddr_in addr4; struct sockaddr_in6 addr6; @@ -352,7 +353,7 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family) */ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (family == PF_INET) sksec->nlbl_state = NLBL_LABELED; 
@@ -370,8 +371,8 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) */ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->nlbl_state = sksec->nlbl_state; } @@ -389,7 +390,7 @@ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (family != PF_INET && family != PF_INET6) @@ -504,7 +505,7 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock, { int rc = 0; struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr secattr; if (selinux_netlbl_option(level, optname) && @@ -542,7 +543,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, struct sockaddr *addr) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; /* connected sockets are allowed to disconnect when the address family @@ -581,7 +582,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, int selinux_netlbl_socket_connect_locked(struct sock *sk, struct sockaddr *addr) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB && sksec->nlbl_state != NLBL_CONNLABELED) diff --git a/security/smack/smack.h b/security/smack/smack.h index a9768b12716b..0f8d0feb89a4 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h 
@@ -357,6 +357,11 @@ static inline struct smack_known **smack_ipc(const struct kern_ipc_perm *ipc) return ipc->security + smack_blob_sizes.lbs_ipc; } +static inline struct socket_smack *smack_sock(const struct sock *sock) +{ + return sock->sk_security + smack_blob_sizes.lbs_sock; +} + /* * Is the directory transmuting? */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 12a45e61c1a5..112c2c03c70b 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1446,7 +1446,7 @@ static int smack_inode_getsecurity(struct user_namespace *mnt_userns, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) isp = ssp->smk_in; @@ -1828,7 +1828,7 @@ static int smack_file_receive(struct file *file) if (inode->i_sb->s_magic == SOCKFS_MAGIC) { sock = SOCKET_I(inode); - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the @@ -2235,11 +2235,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) { struct smack_known *skp = smk_of_current(); - struct socket_smack *ssp; - - ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); - if (ssp == NULL) - return -ENOMEM; + struct socket_smack *ssp = smack_sock(sk); /* * Sockets created by kernel threads receive web label. @@ -2253,11 +2249,10 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) } ssp->smk_packet = NULL; - sk->sk_security = ssp; - return 0; } +#ifdef SMACK_IPV6_PORT_LABELING /** * smack_sk_free_security - Free a socket blob * @sk: the socket 
@@ -2266,7 +2261,6 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) */ static void smack_sk_free_security(struct sock *sk) { -#ifdef SMACK_IPV6_PORT_LABELING struct smk_port_label *spp; if (sk->sk_family == PF_INET6) { @@ -2279,9 +2273,8 @@ static void smack_sk_free_security(struct sock *sk) } rcu_read_unlock(); } -#endif - kfree(sk->sk_security); } +#endif /** * smack_ipv4host_label - check host based restrictions @@ -2394,7 +2387,7 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) */ static int smack_netlbl_add(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = ssp->smk_out; int rc; @@ -2426,7 +2419,7 @@ static int smack_netlbl_add(struct sock *sk) */ static void smack_netlbl_delete(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); /* * Take the label off the socket if one is set. @@ -2458,7 +2451,7 @@ static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) struct smack_known *skp; int rc = 0; struct smack_known *hkp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smk_audit_info ad; rcu_read_lock(); @@ -2531,7 +2524,7 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) { struct sock *sk = sock->sk; struct sockaddr_in6 *addr6; - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smk_port_label *spp; unsigned short port = 0; @@ -2620,7 +2613,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, int act) { struct smk_port_label *spp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; unsigned short port; struct smack_known *object; 
@@ -2713,7 +2706,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) ssp->smk_in = skp; @@ -2761,7 +2754,7 @@ static int smack_socket_post_create(struct socket *sock, int family, * Sockets created by kernel threads receive web label. */ if (unlikely(current->flags & PF_KTHREAD)) { - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); ssp->smk_in = &smack_known_web; ssp->smk_out = &smack_known_web; } @@ -2786,8 +2779,8 @@ static int smack_socket_post_create(struct socket *sock, int family, static int smack_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct socket_smack *asp = socka->sk->sk_security; - struct socket_smack *bsp = sockb->sk->sk_security; + struct socket_smack *asp = smack_sock(socka->sk); + struct socket_smack *bsp = smack_sock(sockb->sk); asp->smk_packet = bsp->smk_out; bsp->smk_packet = asp->smk_out; @@ -2850,7 +2843,7 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) rsp = smack_ipv6host_label(sip); if (rsp != NULL) { - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); rc = smk_ipv6_check(ssp->smk_out, rsp, sip, SMK_CONNECTING); @@ -3578,9 +3571,9 @@ static int smack_unix_stream_connect(struct sock *sock, { struct smack_known *skp; struct smack_known *okp; - struct socket_smack *ssp = sock->sk_security; - struct socket_smack *osp = other->sk_security; - struct socket_smack *nsp = newsk->sk_security; + struct socket_smack *ssp = smack_sock(sock); + struct socket_smack *osp = smack_sock(other); + struct socket_smack *nsp = smack_sock(newsk); struct smk_audit_info ad; int rc = 0; #ifdef CONFIG_AUDIT 
@@ -3626,8 +3619,8 @@ static int smack_unix_stream_connect(struct sock *sock, */ static int smack_unix_may_send(struct socket *sock, struct socket *other) { - struct socket_smack *ssp = sock->sk->sk_security; - struct socket_smack *osp = other->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); + struct socket_smack *osp = smack_sock(other->sk); struct smk_audit_info ad; int rc; @@ -3664,7 +3657,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; #endif #ifdef SMACK_IPV6_SECMARK_LABELING - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smack_known *rsp; #endif int rc = 0; @@ -3876,7 +3869,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, netlbl_secattr_init(&secattr); if (sk) - ssp = sk->sk_security; + ssp = smack_sock(sk); if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { skp = smack_from_secattr(&secattr, ssp); @@ -3898,7 +3891,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, */ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; int rc = 0; struct smk_audit_info ad; @@ -4002,7 +3995,7 @@ static int smack_socket_getpeersec_stream(struct socket *sock, int slen = 1; int rc = 0; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (ssp->smk_packet != NULL) { rcp = ssp->smk_packet->smk_known; slen = strlen(rcp) + 1; @@ -4051,7 +4044,7 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, switch (family) { case PF_UNIX: - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); s = ssp->smk_out->smk_secid; break; case PF_INET: 
@@ -4100,7 +4093,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) return; - ssp = sk->sk_security; + ssp = smack_sock(sk); ssp->smk_in = skp; ssp->smk_out = skp; /* cssp->smk_packet is already set in smack_inet_csk_clone() */ @@ -4120,7 +4113,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, { u16 family = sk->sk_family; struct smack_known *skp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct sockaddr_in addr; struct iphdr *hdr; struct smack_known *hskp; @@ -4206,7 +4199,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, static void smack_inet_csk_clone(struct sock *sk, const struct request_sock *req) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp; if (req->peer_secid != 0) { @@ -4700,6 +4693,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_smack), .lbs_ipc = sizeof(struct smack_known *), .lbs_msg_msg = sizeof(struct smack_known *), + .lbs_sock = sizeof(struct socket_smack), }; static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { @@ -4809,7 +4803,9 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), +#ifdef SMACK_IPV6_PORT_LABELING LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), +#endif LSM_HOOK_INIT(sock_graft, smack_sock_graft), LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index fc7399b45373..635e2339579e 100644 --- a/security/smack/smack_netfilter.c 
+++ b/security/smack/smack_netfilter.c @@ -28,8 +28,8 @@ static unsigned int smack_ipv6_output(void *priv, struct socket_smack *ssp; struct smack_known *skp; - if (sk && sk->sk_security) { - ssp = sk->sk_security; + if (sk && smack_sock(sk)) { + ssp = smack_sock(sk); skp = ssp->smk_out; skb->secmark = skp->smk_secid; } 
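Review bot: In smack_ipv6_output the guard `if (sk && smack_sock(sk))` is not equivalent to the old `if (sk && sk->sk_security)`: smack_sock() returns `sk->sk_security + smack_blob_sizes.lbs_sock`, so when sk_security is NULL and Smack's offset into the blob is non-zero the test is true and ssp becomes a pointer to a small bogus address that is then dereferenced for smk_out. Keep the NULL test on the raw field and take the offset afterwards, e.g. `if (sk && sk->sk_security) { ssp = smack_sock(sk);`. The smack_ipv4_output hunk that follows has the same pattern and needs the same fix.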
@@ -46,8 +46,8 @@ static unsigned int smack_ipv4_output(void *priv, struct socket_smack *ssp; struct smack_known *skp; - if (sk && sk->sk_security) { - ssp = sk->sk_security; + if (sk && smack_sock(sk)) { + ssp = smack_sock(sk); skp = ssp->smk_out; skb->secmark = skp->smk_secid; }

From patchwork Tue Mar 9 14:42:20 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12125501
X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, bpf@vger.kernel.org
Subject: [PATCH v25 02/25] LSM: Add the lsmblob data structure.
Date: Tue, 9 Mar 2021 06:42:20 -0800
Message-Id: <20210309144243.12519-3-casey@schaufler-ca.com>
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>

When more than one security module is exporting data to audit and networking sub-systems a single 32 bit integer is no longer sufficient to represent the data. Add a structure to be used instead.

The lsmblob structure is currently an array of u32 "secids". There is an entry for each of the security modules built into the system that would use secids if active. The system assigns the module a "slot" when it registers hooks. If modules are compiled in but not registered there will be unused slots.

A new lsm_id structure, which contains the name of the LSM and its slot number, is created. There is an instance for each LSM, which assigns the name and passes it to the infrastructure to set the slot.

The audit rules data is expanded to use an array of security module data rather than a single instance. Because IMA uses the audit rule functions it is affected as well.

Acked-by: Stephen Smalley
Acked-by: Paul Moore
Acked-by: John Johansen
Signed-off-by: Casey Schaufler Cc: Cc: linux-audit@redhat.com Cc: linux-security-module@vger.kernel.org Cc: selinux@vger.kernel.org To: Mimi Zohar --- include/linux/audit.h | 4 +- include/linux/lsm_hooks.h | 12 ++++- include/linux/security.h | 67 +++++++++++++++++++++++++-- kernel/auditfilter.c | 24 +++++----- kernel/auditsc.c | 12 ++--- security/apparmor/lsm.c | 7 ++- security/bpf/hooks.c | 12 ++++- security/commoncap.c | 7 ++- security/integrity/ima/ima_policy.c | 40 +++++++++++----- security/loadpin/loadpin.c | 8 +++- security/lockdown/lockdown.c | 7 ++- security/safesetid/lsm.c | 8 +++- security/security.c | 72 ++++++++++++++++++++++++----- security/selinux/hooks.c | 8 +++- security/smack/smack_lsm.c | 7 ++- security/tomoyo/tomoyo.c | 8 +++- security/yama/yama_lsm.c | 7 ++- 17 files changed, 254 insertions(+), 56 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 82b7c1116a85..418a485af114 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -11,6 +11,7 @@ #include #include +#include #include #include @@ -65,8 +66,9 @@ struct audit_field { kuid_t uid; kgid_t gid; struct { + bool lsm_isset; char *lsm_str; - void *lsm_rule; + void *lsm_rules[LSMBLOB_ENTRIES]; }; }; u32 op; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 00d155d32ff3..5509e4ed9829 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1555,6 +1555,14 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/* + * Information that identifies a security module. + */ +struct lsm_id { + const char *lsm; /* Name of the LSM */ + int slot; /* Slot in lsmblob if one is allocated */ +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. @@ -1563,7 +1571,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - char *lsm; + struct lsm_id *lsmid; } __randomize_layout; /* 
@@ -1598,7 +1606,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm); + struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) diff --git a/include/linux/security.h b/include/linux/security.h index 8aeebd6646dc..0be689d0fd69 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -133,6 +133,65 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * Data exported by the security modules + * + * Any LSM that provides secid or secctx based hooks must be included. + */ +#define LSMBLOB_ENTRIES ( \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0)) + +struct lsmblob { + u32 secid[LSMBLOB_ENTRIES]; +}; + +#define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ +#define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ +#define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ + +/** + * lsmblob_init - initialize an lsmblob structure + * @blob: Pointer to the data to initialize + * @secid: The initial secid value + * + * Set all secid for all modules to the specified value. + */ +static inline void lsmblob_init(struct lsmblob *blob, u32 secid) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + blob->secid[i] = secid; +} + +/** + * lsmblob_is_set - report if there is an value in the lsmblob + * @blob: Pointer to the exported LSM data + * + * Returns true if there is a secid set, false otherwise + */ +static inline bool lsmblob_is_set(struct lsmblob *blob) +{ + struct lsmblob empty = {}; + + return !!memcmp(blob, &empty, sizeof(*blob)); +} + +/** + * lsmblob_equal - report if the two lsmblob's are equal + * @bloba: Pointer to one LSM data + * @blobb: Pointer to the other LSM data + * + * Returns true if all entries in the two are equal, false otherwise + */ +static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) +{ + return !memcmp(bloba, blobb, sizeof(*bloba)); +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); 
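Review bot: LSMBLOB_ENTRIES evaluates to 0 when none of SELinux, Smack, AppArmor or the BPF LSM is configured, which turns `u32 secid[LSMBLOB_ENTRIES]` (and `void *lsm_rules[LSMBLOB_ENTRIES]` in the audit.h hunk) into zero-length arrays; the helpers still behave (the init loop does nothing and the memcmp() calls compare zero bytes), but that deserves an explicit comment next to the macro, or a build-time check, so nobody later treats `secid[0]` as valid storage. Two smaller points: lsmblob_is_set() and lsmblob_equal() only read their arguments and should take `const struct lsmblob *`, and the kernel-doc should read "a value" rather than "an value" and "Set the secid for all modules" rather than "Set all secid for all modules".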
@@ -1863,8 +1922,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_SECURITY int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); -void security_audit_rule_free(void *lsmrule); +int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule); +void security_audit_rule_free(void **lsmrule); #else @@ -1880,12 +1939,12 @@ static inline int security_audit_rule_known(struct audit_krule *krule) } static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) + void **lsmrule) { return 0; } -static inline void security_audit_rule_free(void *lsmrule) +static inline void security_audit_rule_free(void **lsmrule) { } #endif /* CONFIG_SECURITY */ diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 333b3bcfc545..45da229f9f1f 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -74,7 +74,7 @@ static void audit_free_lsm_field(struct audit_field *f) case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: kfree(f->lsm_str); - security_audit_rule_free(f->lsm_rule); + security_audit_rule_free(f->lsm_rules); } } @@ -519,9 +519,10 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, goto exit_free; } entry->rule.buflen += f_val; + f->lsm_isset = true; f->lsm_str = str; err = security_audit_rule_init(f->type, f->op, str, - (void **)&f->lsm_rule); + f->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (err == -EINVAL) { 
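Review bot: In the audit_data_to_entry hunk `f->lsm_isset = true;` is set before security_audit_rule_init() runs and is not cleared when that call fails, while the comment that follows says invalid fields are deliberately kept around until a policy reload. The old `if (f->lsm_rule)` test in the filter paths skipped such a field, but the new `if (f->lsm_isset)` test (audit_filter and audit_filter_rules in the following hunks) will call security_audit_rule_match() with an lsm_rules[] array whose entries are all NULL. Either set lsm_isset only on success, or state in the kernel-doc for security_audit_rule_match() that NULL entries in lsmrule must be tolerated, so the -EINVAL path keeps its old meaning.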
@@ -774,7 +775,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) return 0; } -/* Duplicate LSM field information. The lsm_rule is opaque, so must be +/* Duplicate LSM field information. The lsm_rules is opaque, so must be * re-initialized. */ static inline int audit_dupe_lsm_field(struct audit_field *df, struct audit_field *sf) @@ -788,9 +789,9 @@ static inline int audit_dupe_lsm_field(struct audit_field *df, return -ENOMEM; df->lsm_str = lsm_str; - /* our own (refreshed) copy of lsm_rule */ + /* our own (refreshed) copy of lsm_rules */ ret = security_audit_rule_init(df->type, df->op, df->lsm_str, - (void **)&df->lsm_rule); + df->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (ret == -EINVAL) { @@ -842,7 +843,7 @@ struct audit_entry *audit_dupe_rule(struct audit_krule *old) new->tree = old->tree; memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount); - /* deep copy this information, updating the lsm_rule fields, because + /* deep copy this information, updating the lsm_rules fields, because * the originals will all be freed when the old rule is freed. */ for (i = 0; i < fcount; i++) { switch (new->fields[i].type) { @@ -1358,10 +1359,11 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: - if (f->lsm_rule) { + if (f->lsm_isset) { security_task_getsecid(current, &sid); result = security_audit_rule_match(sid, - f->type, f->op, f->lsm_rule); + f->type, f->op, + f->lsm_rules); } break; case AUDIT_EXE: @@ -1388,7 +1390,7 @@ int audit_filter(int msgtype, unsigned int listtype) return ret; } -static int update_lsm_rule(struct audit_krule *r) +static int update_lsm_rules(struct audit_krule *r) { struct audit_entry *entry = container_of(r, struct audit_entry, rule); struct audit_entry *nentry; 
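Review bot: Comment wording in the audit_dupe_lsm_field hunk: "The lsm_rules is opaque" should read "The lsm_rules array is opaque", and "updating the lsm_rules fields" in the audit_dupe_rule hunk would be clearer as "updating the lsm_rules arrays". Since audit_dupe_rule() copies the fields with memcpy() before re-initializing them, lsm_isset is carried over from the old rule, which is consistent with the initialization path; a short note saying so next to the memcpy() would save the reader from checking.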
@@ -1420,7 +1422,7 @@ static int update_lsm_rule(struct audit_krule *r) return err; } -/* This function will re-initialize the lsm_rule field of all applicable rules. +/* This function will re-initialize the lsm_rules field of all applicable rules. * It will traverse the filter lists serarching for rules that contain LSM * specific filter fields. When such a rule is found, it is copied, the * LSM field is re-initialized, and the old rule is replaced with the @@ -1435,7 +1437,7 @@ int audit_update_lsm_rules(void) for (i = 0; i < AUDIT_NR_FILTERS; i++) { list_for_each_entry_safe(r, n, &audit_rules_list[i], list) { - int res = update_lsm_rule(r); + int res = update_lsm_rules(r); if (!err) err = res; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 47fb48f42c93..385f7769ae5b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -665,14 +665,14 @@ static int audit_filter_rules(struct task_struct *tsk, match for now to avoid losing information that may be wanted. An error message will also be logged upon error */ - if (f->lsm_rule) { + if (f->lsm_isset) { if (need_sid) { security_task_getsecid(tsk, &sid); need_sid = 0; } result = security_audit_rule_match(sid, f->type, f->op, - f->lsm_rule); + f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -682,21 +682,21 @@ static int audit_filter_rules(struct task_struct *tsk, case AUDIT_OBJ_LEV_HIGH: /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR also applies here */ - if (f->lsm_rule) { + if (f->lsm_isset) { /* Find files that match */ if (name) { result = security_audit_rule_match( name->osid, f->type, f->op, - f->lsm_rule); + f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { if (security_audit_rule_match( n->osid, f->type, f->op, - f->lsm_rule)) { + f->lsm_rules)) { ++result; break; } @@ -707,7 +707,7 @@ static int audit_filter_rules(struct task_struct *tsk, break; if (security_audit_rule_match(ctx->ipc.osid, f->type, f->op, - f->lsm_rule)) + f->lsm_rules)) ++result; } break; 
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 028b5a5c4468..7d5559b4c417 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1161,6 +1161,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_sock = sizeof(struct aa_sk_ctx), }; +static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { + .lsm = "apparmor", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1861,7 +1866,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index e5971fa74fd7..7a58fe9ab8c4 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -15,9 +15,19 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; +/* + * slot has to be LSMBLOB_NEEDED because some of the hooks + * supplied by this module require a slot. + */ +struct lsm_id bpf_lsmid __lsm_ro_after_init = { + .lsm = "bpf", + .slot = LSMBLOB_NEEDED +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index 28f4d25480df..776b90420f7d 100644 --- a/security/commoncap.c +++ b/security/commoncap.c 
@@ -1437,6 +1437,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +static struct lsm_id capability_lsmid __lsm_ro_after_init = { + .lsm = "capability", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1461,7 +1466,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 4f8cb155e4fd..ce4b8a70ca43 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -80,7 +80,7 @@ struct ima_rule_entry { bool (*fowner_op)(kuid_t, kuid_t); /* uid_eq(), uid_gt(), uid_lt() */ int pcr; struct { - void *rule; /* LSM file metadata specific */ + void *rules[LSMBLOB_ENTRIES]; /* LSM file metadata specific */ char *args_p; /* audit value */ int type; /* audit type */ } lsm[MAX_LSM_RULES]; @@ -90,6 +90,22 @@ struct ima_rule_entry { struct ima_template_desc *template; }; +/** + * ima_lsm_isset - Is a rule set for any of the active security modules + * @rules: The set of IMA rules to check + * + * If a rule is set for any LSM return true, otherwise return false. + */ +static inline bool ima_lsm_isset(void *rules[]) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + if (rules[i]) + return true; + return false; +} + /* * Without LSM specific knowledge, the default policy can only be * written in terms of .action, .func, .mask, .fsmagic, .uid, and .fowner 
@@ -335,9 +351,11 @@ static void ima_free_rule_opt_list(struct ima_rule_opt_list *opt_list) static void ima_lsm_free_rule(struct ima_rule_entry *entry) { int i; + int r; for (i = 0; i < MAX_LSM_RULES; i++) { - ima_filter_rule_free(entry->lsm[i].rule); + for (r = 0; r < LSMBLOB_ENTRIES; r++) + ima_filter_rule_free(entry->lsm[i].rules[r]); kfree(entry->lsm[i].args_p); } } @@ -388,8 +406,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) ima_filter_rule_init(nentry->lsm[i].type, Audit_equal, nentry->lsm[i].args_p, - &nentry->lsm[i].rule); - if (!nentry->lsm[i].rule) + &nentry->lsm[i].rules[0]); + if (!ima_lsm_isset(nentry->lsm[i].rules)) pr_warn("rule for LSM \'%s\' is undefined\n", nentry->lsm[i].args_p); } @@ -578,7 +596,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, int rc = 0; u32 osid; - if (!rule->lsm[i].rule) { + if (!ima_lsm_isset(rule->lsm[i].rules)) { if (!rule->lsm[i].args_p) continue; else @@ -591,14 +609,14 @@ static bool ima_match_rules(struct ima_rule_entry *rule, security_inode_getsecid(inode, &osid); rc = ima_filter_rule_match(osid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rules); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: rc = ima_filter_rule_match(secid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rules); default: break; } @@ -992,7 +1010,7 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, { int result; - if (entry->lsm[lsm_rule].rule) + if (ima_lsm_isset(entry->lsm[lsm_rule].rules)) return -EINVAL; entry->lsm[lsm_rule].args_p = match_strdup(args); 
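Review bot: In the ima_lsm_free_rule hunk ima_filter_rule_free() is now called once per element with `entry->lsm[i].rules[r]`, a `void *`, whereas the match paths in the same file pass the whole array `rule->lsm[i].rules` to ima_filter_rule_match(). If ima_filter_rule_free resolves to security_audit_rule_free, whose prototype this patch changes to `void **lsmrule` in include/linux/security.h, the per-element calls hand it a single pointer where it now expects the array; either pass `entry->lsm[i].rules` once, without the inner loop, or point at the ima_filter_rule_free definition that makes the per-element form correct.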
@@ -1002,8 +1020,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, entry->lsm[lsm_rule].type = audit_type; result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, entry->lsm[lsm_rule].args_p, - &entry->lsm[lsm_rule].rule); - if (!entry->lsm[lsm_rule].rule) { + &entry->lsm[lsm_rule].rules[0]); + if (!ima_lsm_isset(entry->lsm[lsm_rule].rules)) { pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); @@ -1810,7 +1828,7 @@ int ima_policy_show(struct seq_file *m, void *v) } for (i = 0; i < MAX_LSM_RULES; i++) { - if (entry->lsm[i].rule) { + if (ima_lsm_isset(entry->lsm[i].rules)) { switch (i) { case LSM_OBJ_USER: seq_printf(m, pt(Opt_obj_user), diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index b12f7d986b1e..b569f3bc170b 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -192,6 +192,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_read_file(NULL, (enum kernel_read_file_id) id, contents); } +static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { + .lsm = "loadpin", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -239,7 +244,8 @@ static int __init loadpin_init(void) pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); parse_exclude(); - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 87cbdc64d272..4e24ea3f7b7e 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c 
@@ -75,6 +75,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { + .lsm = "lockdown", + .slot = LSMBLOB_NOT_NEEDED +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +88,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index 8a176b6adbe5..7c7ac9bfe5cd 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -244,6 +244,11 @@ static int safesetid_task_fix_setgid(struct cred *new, return -EACCES; } +static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { + .lsm = "safesetid", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -253,7 +258,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; diff --git a/security/security.c b/security/security.c index 59e1509c76d9..2d780e82b527 100644 --- a/security/security.c +++ b/security/security.c 
@@ -342,6 +342,7 @@ static void __init ordered_lsm_init(void) init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); + init_debug("lsmblob size = %zu\n", sizeof(struct lsmblob)); /* * Create any kmem_caches needed for blobs @@ -469,21 +470,36 @@ static int lsm_append(const char *new, char **result) return 0; } +/* + * Current index to use while initializing the lsmblob secid list. + */ +static int lsm_slot __lsm_ro_after_init; + /** * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. + * If the LSM is using hooks that export secids allocate a slot + * for it in the lsmblob. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm) + struct lsm_id *lsmid) { int i; + if (lsmid->slot == LSMBLOB_NEEDED) { + if (lsm_slot >= LSMBLOB_ENTRIES) + panic("%s Too many LSMs registered.\n", __func__); + lsmid->slot = lsm_slot++; + init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, + lsmid->slot); + } + for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } @@ -492,7 +508,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } 
@@ -2019,7 +2035,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.getprocattr(p, name, value); } @@ -2032,7 +2048,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.setprocattr(name, value, size); } @@ -2525,7 +2541,24 @@ int security_key_getsecurity(struct key *key, char **_buffer) int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + struct security_hook_list *hp; + bool one_is_good = false; + int rc = 0; + int trc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + trc = hp->hook.audit_rule_init(field, op, rulestr, + &lsmrule[hp->lsmid->slot]); + if (trc == 0) + one_is_good = true; + else + rc = trc; + } + if (one_is_good) + return 0; + return rc; } int security_audit_rule_known(struct audit_krule *krule) 
@@ -2533,14 +2566,31 @@ int security_audit_rule_known(struct audit_krule *krule) return call_int_hook(audit_rule_known, 0, krule); } -void security_audit_rule_free(void *lsmrule) +void security_audit_rule_free(void **lsmrule) { - call_void_hook(audit_rule_free, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]); + } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.audit_rule_match(secid, field, op, + &lsmrule[hp->lsmid->slot]); + if (rc) + return rc; + } + return 0; } #endif /* CONFIG_AUDIT */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 57b8a07bef96..96c560760c4c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7034,6 +7034,11 @@ static int selinux_perf_event_write(struct perf_event *event) } #endif +static struct lsm_id selinux_lsmid __lsm_ro_after_init = { + .lsm = "selinux", + .slot = LSMBLOB_NEEDED +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7346,7 +7351,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); 
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 112c2c03c70b..023876c3f3a3 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4696,6 +4696,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_sock = sizeof(struct socket_smack), }; +static struct lsm_id smack_lsmid __lsm_ro_after_init = { + .lsm = "smack", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -4895,7 +4900,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 1f3cd432d830..22f62c67f2ec 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -523,6 +523,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { + .lsm = "tomoyo", + .slot = LSMBLOB_NOT_NEEDED +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -575,7 +580,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 06e226166aab..a9639ea541f7 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c 
@@ -421,6 +421,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +static struct lsm_id yama_lsmid __lsm_ro_after_init = { + .lsm = "yama", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list yama_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), 
@@ -477,7 +482,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; }
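Review bot: In the security_audit_rule_init() hunk of security/security.c, a rule that one LSM accepts and another rejects is reported as success, because one_is_good overrides rc, and the rejecting LSM's slot is left holding whatever its hook left there; nothing records that the rule is only partially in force. Either propagate the error so audit and IMA can refuse the rule, or document the "any one LSM suffices" semantics in the kernel-doc and set lsmrule[hp->lsmid->slot] = NULL whenever trc is non-zero so the free and match paths see an empty slot.

Review bot: In the security_audit_rule_match() hunk, the hook is passed &lsmrule[hp->lsmid->slot], the address of the slot, while the security_audit_rule_free() hunk just above passes lsmrule[hp->lsmid->slot], the rule itself, and the removed call_int_hook() line passed a plain void *lsmrule. Unless the audit_rule_match hook prototype is changed to void ** somewhere not shown in this patch, match should pass lsmrule[hp->lsmid->slot] exactly as free does; the void ** to void * conversion is implicit, so the compiler will not flag it. Both loops should also skip a slot whose pointer is NULL, since init can leave one unset when only some of the LSMs accepted the rule.

Review bot: In the security_add_hooks() hunk, running out of lsmblob slots is handled with panic(), which turns a kernel built with one secid-exporting LSM too many into one that does not boot, and the kernel-doc does not mention it. A build-time check that the number of LSMs selecting LSMBLOB_NEEDED fits in LSMBLOB_ENTRIES, or a pr_warn() that refuses the extra LSM's hooks, would be friendlier; at minimum the kernel-doc should say what happens when no slot is left and that lsmid->slot is rewritten in place.

Review bot: In the ima_lsm_rule_init() hunk of security/integrity/ima/ima_policy.c, passing &entry->lsm[lsm_rule].rules[0] to ima_filter_rule_init() reads as though only slot 0 is initialised, whereas security_audit_rule_init() fills lsmrule[hp->lsmid->slot] for every LSM that provides the hook. Pass the array itself, entry->lsm[lsm_rule].rules, so the intent is visible and the same expression is used as in the ima_lsm_isset() call two lines later.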
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v25 03/25] LSM: provide lsm name and id slot mappings
Date: Tue, 9 Mar 2021 06:42:21 -0800
Message-Id: <20210309144243.12519-4-casey@schaufler-ca.com>
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>

Provide interfaces to map LSM slot numbers and LSM names. Update the LSM registration code to save this information.

Signed-off-by: Casey Schaufler
---
 include/linux/security.h | 4 ++++
 security/security.c | 45 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/include/linux/security.h b/include/linux/security.h index 0be689d0fd69..38059fedb693 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -192,6 +192,10 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) return !memcmp(bloba, blobb, sizeof(*bloba)); } +/* Map lsm names to blob slot numbers */ +extern int lsm_name_to_slot(char *name); +extern const char *lsm_slot_to_name(int slot); + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); diff --git a/security/security.c b/security/security.c index 2d780e82b527..4d4b0a21bea2 100644 --- a/security/security.c +++ b/security/security.c @@ -474,6 +474,50 @@ static int lsm_append(const char *new, char **result) * Current index to use while initializing the lsmblob secid list. */ static int lsm_slot __lsm_ro_after_init; +static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init; + +/** + * lsm_name_to_slot - Report the slot number for a security module + * @name: name of the security module + * + * Look up the slot number for the named security module. + * Returns the slot number or LSMBLOB_INVALID if @name is not + * a registered security module name. + */ +int lsm_name_to_slot(char *name) +{ + int i; + + for (i = 0; i < lsm_slot; i++) + if (strcmp(lsm_slotlist[i]->lsm, name) == 0) + return i; + + return LSMBLOB_INVALID; +} + +/** + * lsm_slot_to_name - Get the name of the security module in a slot + * @slot: index into the interface LSM slot list. + * + * Provide the name of the security module associated with + * a interface LSM slot. + * + * If @slot is LSMBLOB_INVALID return the value + * for slot 0 if it has been set, otherwise NULL. + * + * Returns a pointer to the name string or NULL. + */ +const char *lsm_slot_to_name(int slot) +{ + if (slot == LSMBLOB_INVALID) + slot = 0; + else if (slot >= LSMBLOB_ENTRIES || slot < 0) + return NULL; + + if (lsm_slotlist[slot] == NULL) + return NULL; + return lsm_slotlist[slot]->lsm; +} /** * security_add_hooks - Add a modules hooks to the hook lists. 
@@ -493,6 +537,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, if (lsmid->slot == LSMBLOB_NEEDED) { if (lsm_slot >= LSMBLOB_ENTRIES) panic("%s Too many LSMs registered.\n", __func__); + lsm_slotlist[lsm_slot] = lsmid; lsmid->slot = lsm_slot++; init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, lsmid->slot);
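Review bot: In the include/linux/security.h hunk, lsm_name_to_slot() takes char *name but only reads it; declare it const char *name (and the same in the definition in security/security.c) so boot-parameter and policy strings can be passed without a cast.

Review bot: In the lsm_slot_to_name() hunk, mapping LSMBLOB_INVALID to slot 0 makes an invalid slot indistinguishable from the first slot-holding LSM, so a caller with a stale or unset slot silently gets the first module's name. A lookup function is easier to reason about if it returns NULL for LSMBLOB_INVALID and lets callers that want a default ask for slot 0 explicitly; if the fallback stays, the kernel-doc should say why it exists. The kernel-doc also has "a interface LSM slot" for "an interface LSM slot".

Review bot: In the security_add_hooks() hunk, lsm_slotlist is populated only for modules whose lsmid->slot was LSMBLOB_NEEDED, so lsm_name_to_slot("yama") or lsm_name_to_slot("tomoyo") returns LSMBLOB_INVALID exactly as an unknown name does, and a caller cannot tell "not built in" from "active but exports no secids". The kernel-doc for lsm_name_to_slot() should state that it only knows about slot-holding modules, and callers that use it for user-facing validation should word their error accordingly.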
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v25 04/25] IMA: avoid label collisions with stacked LSMs
Date: Tue, 9 Mar 2021 06:42:22 -0800
Message-Id: <20210309144243.12519-5-casey@schaufler-ca.com>
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>

Integrity measurement may filter on security module information and needs to be clear, in the case of multiple active security modules, which applies. Provide a boot option ima_rules_lsm= to allow the user to specify an active security module to apply filters to. If not specified, use the first registered module that supports the audit_rule_match() LSM hook. Allow the user to specify in the IMA policy an lsm= option to specify the security module to use for a particular rule.

Signed-off-by: Casey Schaufler
To: Mimi Zohar
To: linux-integrity@vger.kernel.org
---
 Documentation/ABI/testing/ima_policy | 8 ++-
 security/integrity/ima/ima_policy.c | 77 ++++++++++++++++++++--------
 2 files changed, 62 insertions(+), 23 deletions(-)

diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index 070779e8d836..84dd19bc4344 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy
@@ -25,7 +25,7 @@ Description: base: [[func=] [mask=] [fsmagic=] [fsuuid=] [uid=] [euid=] [fowner=] [fsname=]] lsm: [[subj_user=] [subj_role=] [subj_type=] - [obj_user=] [obj_role=] [obj_type=]] + [obj_user=] [obj_role=] [obj_type=] [lsm=]] option: [[appraise_type=]] [template=] [permit_directio] [appraise_flag=] [keyrings=] base: @@ -117,6 +117,12 @@ Description: measure subj_user=_ func=FILE_CHECK mask=MAY_READ + It is possible to explicitly specify which security + module a rule applies to using lsm=. If the security + modules specified is not active on the system the rule + will be rejected. If lsm= is not specified the first + security module registered on the system will be assumed. + Example of measure rules using alternate PCRs:: measure func=KEXEC_KERNEL_CHECK pcr=4 diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index ce4b8a70ca43..42a11f2c1068 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -79,8 +79,9 @@ struct ima_rule_entry { bool (*uid_op)(kuid_t, kuid_t); /* Handlers for operators */ bool (*fowner_op)(kuid_t, kuid_t); /* uid_eq(), uid_gt(), uid_lt() */ int pcr; + int which_lsm; /* which of the rules to use */ struct { - void *rules[LSMBLOB_ENTRIES]; /* LSM file metadata specific */ + void *rule; /* LSM file metadata specific */ char *args_p; /* audit value */ int type; /* audit type */ } lsm[MAX_LSM_RULES]; 
@@ -92,17 +93,15 @@ struct ima_rule_entry { /** * ima_lsm_isset - Is a rule set for any of the active security modules - * @rules: The set of IMA rules to check + * @entry: the rule entry to examine + * @lsm_rule: the specific rule type in question * - * If a rule is set for any LSM return true, otherwise return false. + * If a rule is set return true, otherwise return false. */ -static inline bool ima_lsm_isset(void *rules[]) +static inline bool ima_lsm_isset(struct ima_rule_entry *entry, int lsm_rule) { - int i; - - for (i = 0; i < LSMBLOB_ENTRIES; i++) - if (rules[i]) - return true; + if (entry->lsm[lsm_rule].rule) + return true; return false; } @@ -282,6 +281,20 @@ static int __init default_appraise_policy_setup(char *str) } __setup("ima_appraise_tcb", default_appraise_policy_setup); +static int ima_rules_lsm __ro_after_init; + +static int __init ima_rules_lsm_init(char *str) +{ + ima_rules_lsm = lsm_name_to_slot(str); + if (ima_rules_lsm < 0) { + ima_rules_lsm = 0; + pr_err("rule lsm \"%s\" not registered", str); + } + + return 1; +} +__setup("ima_rules_lsm=", ima_rules_lsm_init); + static struct ima_rule_opt_list *ima_alloc_rule_opt_list(const substring_t *src) { struct ima_rule_opt_list *opt_list; @@ -351,11 +364,10 @@ static void ima_free_rule_opt_list(struct ima_rule_opt_list *opt_list) static void ima_lsm_free_rule(struct ima_rule_entry *entry) { int i; - int r; for (i = 0; i < MAX_LSM_RULES; i++) { - for (r = 0; r < LSMBLOB_ENTRIES; r++) - ima_filter_rule_free(entry->lsm[i].rules[r]); + if (entry->lsm[i].rule) + ima_filter_rule_free(entry->lsm[i].rule); kfree(entry->lsm[i].args_p); } } 
@@ -406,8 +418,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) ima_filter_rule_init(nentry->lsm[i].type, Audit_equal, nentry->lsm[i].args_p, - &nentry->lsm[i].rules[0]); - if (!ima_lsm_isset(nentry->lsm[i].rules)) + &nentry->lsm[i].rule); + if (!ima_lsm_isset(nentry, i)) pr_warn("rule for LSM \'%s\' is undefined\n", nentry->lsm[i].args_p); } @@ -596,7 +608,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, int rc = 0; u32 osid; - if (!ima_lsm_isset(rule->lsm[i].rules)) { + if (!ima_lsm_isset(rule, i)) { if (!rule->lsm[i].args_p) continue; else @@ -609,14 +621,14 @@ static bool ima_match_rules(struct ima_rule_entry *rule, security_inode_getsecid(inode, &osid); rc = ima_filter_rule_match(osid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rules); + rule->lsm[i].rule); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: rc = ima_filter_rule_match(secid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rules); + rule->lsm[i].rule); default: break; } @@ -964,7 +976,7 @@ enum { Opt_uid_lt, Opt_euid_lt, Opt_fowner_lt, Opt_appraise_type, Opt_appraise_flag, Opt_permit_directio, Opt_pcr, Opt_template, Opt_keyrings, - Opt_label, Opt_err + Opt_lsm, Opt_label, Opt_err }; static const match_table_t policy_tokens = { @@ -1002,6 +1014,7 @@ static const match_table_t policy_tokens = { {Opt_template, "template=%s"}, {Opt_keyrings, "keyrings=%s"}, {Opt_label, "label=%s"}, + {Opt_lsm, "lsm=%s"}, {Opt_err, NULL} }; @@ -1010,7 +1023,7 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, { int result; - if (ima_lsm_isset(entry->lsm[lsm_rule].rules)) + if (ima_lsm_isset(entry, lsm_rule)) return -EINVAL; entry->lsm[lsm_rule].args_p = match_strdup(args); 
@@ -1020,8 +1033,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, entry->lsm[lsm_rule].type = audit_type; result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, entry->lsm[lsm_rule].args_p, - &entry->lsm[lsm_rule].rules[0]); - if (!ima_lsm_isset(entry->lsm[lsm_rule].rules)) { + &entry->lsm[lsm_rule].rule); + if (!ima_lsm_isset(entry, lsm_rule)) { pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); @@ -1559,6 +1572,19 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) &(template_desc->num_fields)); entry->template = template_desc; break; + case Opt_lsm: + result = lsm_name_to_slot(args[0].from); + if (result == LSMBLOB_INVALID) { + int i; + + for (i = 0; i < MAX_LSM_RULES; i++) + entry->lsm[i].args_p = NULL; + result = -EINVAL; + break; + } + entry->which_lsm = result; + result = 0; + break; case Opt_err: ima_log_string(ab, "UNKNOWN", p); result = -EINVAL; @@ -1595,6 +1621,7 @@ ssize_t ima_parse_add_rule(char *rule) struct ima_rule_entry *entry; ssize_t result, len; int audit_info = 0; + int i; p = strsep(&rule, "\n"); len = strlen(p) + 1; @@ -1612,6 +1639,9 @@ ssize_t ima_parse_add_rule(char *rule) INIT_LIST_HEAD(&entry->list); + for (i = 0; i < MAX_LSM_RULES; i++) + entry->which_lsm = ima_rules_lsm; + result = ima_parse_rule(p, entry); if (result) { ima_free_rule(entry); @@ -1828,7 +1858,7 @@ int ima_policy_show(struct seq_file *m, void *v) } for (i = 0; i < MAX_LSM_RULES; i++) { - if (ima_lsm_isset(entry->lsm[i].rules)) { + if (ima_lsm_isset(entry, i)) { switch (i) { case LSM_OBJ_USER: seq_printf(m, pt(Opt_obj_user), 
@@ -1870,6 +1900,9 @@ int ima_policy_show(struct seq_file *m, void *v) seq_puts(m, "appraise_flag=check_blacklist "); if (entry->flags & IMA_PERMIT_DIRECTIO) seq_puts(m, "permit_directio "); + if (entry->which_lsm >= 0) + seq_printf(m, pt(Opt_lsm), + lsm_slot_to_name(entry->which_lsm)); rcu_read_unlock(); seq_puts(m, "\n"); return 0;
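Review bot: In the Documentation/ABI/testing/ima_policy hunk, "If the security modules specified is not active" should read "module specified", and the stated default ("the first security module registered on the system") does not match the code, which uses the slot selected by the new ima_rules_lsm= boot option and otherwise slot 0, i.e. the first module that was assigned an lsmblob slot (modules such as yama and tomoyo never get one). Say that here, and add an ima_rules_lsm= entry to Documentation/admin-guide/kernel-parameters.txt, which this patch does not touch.

Review bot: In the struct ima_rule_entry hunk, shrinking rules[LSMBLOB_ENTRIES] back to a single void *rule while ima_lsm_rule_init() and ima_lsm_copy_rule() still pass its address to ima_filter_rule_init() is a buffer overrun: ima_filter_rule_init is security_audit_rule_init() under CONFIG_IMA_LSM_RULES, which (02/25 in this series) stores lsmrule[hp->lsmid->slot] for every LSM that provides the hook, so with SELinux in slot 0 and Smack in slot 1 the second store lands on args_p. which_lsm is stored and printed but never reaches the init, match or free calls, so lsm= has no effect on which module evaluates the rule. Keep the per-slot array and pass which_lsm down so that match consults only rules[which_lsm], or add slot-taking variants of the security_audit_rule_*() helpers.

Review bot: In the ima_rules_lsm_init() hunk, the __setup handler resolves the name immediately with lsm_name_to_slot(), but as far as I can see __setup parameters are run from parse_args() in start_kernel(), before security_init() registers any LSM; at that point lsm_slotlist is empty, the lookup always returns LSMBLOB_INVALID and every ima_rules_lsm= value degrades to slot 0 with the "not registered" error. Keep the string and resolve it when the policy is first parsed, or at least verify the ordering on a boot with ima_rules_lsm=smack. The pr_err() also lacks a trailing newline.

Review bot: In the Opt_lsm case of the ima_parse_rule() hunk, on an unknown name the loop sets every entry->lsm[i].args_p to NULL before returning -EINVAL, so any args_p already allocated by match_strdup() for a subj_*/obj_* option earlier on the same rule line is leaked, because ima_free_rule() only frees what is still pointed to. Drop the loop and let the existing error path clean up, and log the rejected name through ima_log_string() as the other options do.

Review bot: In the ima_parse_add_rule() hunk, `for (i = 0; i < MAX_LSM_RULES; i++) entry->which_lsm = ima_rules_lsm;` assigns the same scalar field MAX_LSM_RULES times; which_lsm is per rule, not per LSM rule type, so this should be a single assignment and the new i variable can go.

Review bot: In the ima_policy_show() hunk, `if (entry->which_lsm >= 0)` is always true, since which_lsm defaults to ima_rules_lsm (0 or a valid slot) and Opt_lsm only stores valid slots, so every rule in the policy dump now ends in lsm=<name>, including rules that carry no subj_*/obj_* clause and were written without lsm=. Print it only when the rule has an LSM clause, so existing policy dumps stay stable; note also that lsm_slot_to_name() can return NULL, which "%s" renders as "(null)".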
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v25 05/25] LSM: Use lsmblob in security_audit_rule_match Date: Tue, 9 Mar 2021 06:42:23 -0800 Message-Id: <20210309144243.12519-6-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the secid parameter of security_audit_rule_match to a lsmblob structure pointer. Pass the entry from the lsmblob structure for the appropriate slot to the LSM hook. Change the users of security_audit_rule_match to use the lsmblob instead of a u32. The scaffolding function lsmblob_init() fills the blob with the value of the old secid, ensuring that it is available to the appropriate module hook. The sources of the secid, security_task_getsecid() and security_inode_getsecid(), will be converted to use the blob structure later in the series. At the point the use of lsmblob_init() is dropped. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-audit@redhat.com Cc: linux-integrity@vger.kernel.org To: Mimi Zohar --- include/linux/security.h | 7 ++++--- kernel/auditfilter.c | 6 ++++-- kernel/auditsc.c | 14 ++++++++++---- security/integrity/ima/ima.h | 4 ++-- security/integrity/ima/ima_policy.c | 7 +++++-- security/security.c | 10 ++++++++-- 6 files changed, 33 insertions(+), 15 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 38059fedb693..911e74840593 100644 
--- a/include/linux/security.h +++ b/include/linux/security.h @@ -1926,7 +1926,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_SECURITY int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule); +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule); void security_audit_rule_free(void **lsmrule); #else @@ -1942,8 +1943,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule) return 0; } -static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void **lsmrule) +static inline int security_audit_rule_match(struct lsmblob *blob, u32 field, + u32 op, void **lsmrule) { return 0; } diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 45da229f9f1f..e27424216159 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1331,6 +1331,7 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; pid_t pid; u32 sid; + struct lsmblob blob; switch (f->type) { case AUDIT_PID: @@ -1361,8 +1362,9 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_isset) { security_task_getsecid(current, &sid); - result = security_audit_rule_match(sid, - f->type, f->op, + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, f->op, f->lsm_rules); } break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 385f7769ae5b..829005d3228d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -472,6 +472,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); 
@@ -670,7 +671,9 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid(tsk, &sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, f->lsm_rules); } @@ -685,15 +688,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, name->osid); if (security_audit_rule_match( - n->osid, + &blob, f->type, f->op, f->lsm_rules)) { @@ -705,7 +710,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules)) ++result; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 8e8b5251550e..475f5622a903 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -437,8 +437,8 @@ static inline void ima_filter_rule_free(void *lsmrule) { } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, + u32 op, void *lsmrule) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 42a11f2c1068..81d45b471a62 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -607,6 +607,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; u32 osid; + struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { if (!rule->lsm[i].args_p) 
@@ -619,14 +620,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + lsmblob_init(&lsmdata, osid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + lsmblob_init(&lsmdata, secid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); default: diff --git a/security/security.c b/security/security.c index 4d4b0a21bea2..67e9345741b8 100644 --- a/security/security.c +++ b/security/security.c @@ -2618,11 +2618,14 @@ void security_audit_rule_free(void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; + if (lsmrule[hp->lsmid->slot] == NULL) + continue; hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]); } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule) { struct security_hook_list *hp; int rc; 
@@ -2630,7 +2633,10 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.audit_rule_match(secid, field, op, + if (lsmrule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, &lsmrule[hp->lsmid->slot]); if (rc) return rc; From patchwork Tue Mar 9 14:42:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125547 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BA478C433E6 for ; Tue, 9 Mar 2021 14:50:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9324E65173 for ; Tue, 9 Mar 2021 14:50:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231319AbhCIOty (ORCPT ); Tue, 9 Mar 2021 09:49:54 -0500 Received: from sonic317-38.consmr.mail.ne1.yahoo.com ([66.163.184.49]:41990 "EHLO sonic317-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231652AbhCIOtf (ORCPT ); Tue, 9 Mar 2021 09:49:35 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1615301375; bh=Zj6KFJ6LgPa70vJfKgOguhcWb4TDhCh9DkBBn6WyVPs=; 
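Review bot: in the kernel/auditsc.c hunk `@@ -685,15 +688,17 @@`, the `list_for_each_entry(n, &ctx->names_list, list)` loop now does `lsmblob_init(&blob, name->osid);` while the line it replaces matched `n->osid`. That loop is the `else if (ctx)` arm of `if (name)`, so `name` is NULL there and this dereferences a NULL pointer; even if it did not, it would compare the wrong object's secid. It should read `lsmblob_init(&blob, n->osid);`.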
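Review bot: the new `if (lsmrule[hp->lsmid->slot] == NULL) continue;` in security_audit_rule_match (hunk `@@ -2630,7 +2633,10 @@`) and its twin in security_audit_rule_free mean a rule compiled for only one of the stacked modules silently never matches for the others, and a caller seeing `rc == 0` cannot tell "no rule for this LSM" from "rule did not match". That is presumably the intended semantics, but it deserves a one-line comment at the check, since the function's return value now folds both cases together.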
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v25 06/25] LSM: Use lsmblob in security_kernel_act_as Date: Tue, 9 Mar 2021 06:42:24 -0800 Message-Id: <20210309144243.12519-7-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_kernel_act_as interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its only caller, set_security_override, to do the same. Change that one's only caller, set_security_override_from_ctx, to call it with the new parameter type. The security module hook is unchanged, still taking a secid. The infrastructure passes the correct entry from the lsmblob. lsmblob_init() is used to fill the lsmblob structure, however this will be removed later in the series when security_secctx_to_secid() is updated to provide a lsmblob instead of a secid. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler To: David Howells --- include/linux/cred.h | 3 ++- include/linux/security.h | 5 +++-- kernel/cred.c | 10 ++++++---- security/security.c | 14 ++++++++++++-- 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index 4c6350503697..c283981a6a7c 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -18,6 +18,7 @@ struct cred; struct inode; +struct lsmblob; /* * COW Supplementary groups list 
@@ -165,7 +166,7 @@ extern const struct cred *override_creds(const struct cred *); extern void revert_creds(const struct cred *); extern struct cred *prepare_kernel_cred(struct task_struct *); extern int change_create_files_as(struct cred *, struct inode *); -extern int set_security_override(struct cred *, u32); +extern int set_security_override(struct cred *, struct lsmblob *); extern int set_security_override_from_ctx(struct cred *, const char *); extern int set_create_files_as(struct cred *, struct inode *); extern int cred_fscmp(const struct cred *, const struct cred *); diff --git a/include/linux/security.h b/include/linux/security.h index 911e74840593..b63a14866464 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -459,7 +459,7 @@ void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); void security_cred_getsecid(const struct cred *c, u32 *secid); -int security_kernel_act_as(struct cred *new, u32 secid); +int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); int security_kernel_load_data(enum kernel_load_data_id id, bool contents); @@ -1090,7 +1090,8 @@ static inline void security_transfer_creds(struct cred *new, { } -static inline int security_kernel_act_as(struct cred *cred, u32 secid) +static inline int security_kernel_act_as(struct cred *cred, + struct lsmblob *blob) { return 0; } diff --git a/kernel/cred.c b/kernel/cred.c index 421b1149c651..22e0e7cbefde 100644 --- a/kernel/cred.c +++ b/kernel/cred.c 
@@ -733,14 +733,14 @@ EXPORT_SYMBOL(prepare_kernel_cred); /** * set_security_override - Set the security ID in a set of credentials * @new: The credentials to alter - * @secid: The LSM security ID to set + * @blob: The LSM security information to set * * Set the LSM security ID in a set of credentials so that the subjective * security is overridden when an alternative set of credentials is used. */ -int set_security_override(struct cred *new, u32 secid) +int set_security_override(struct cred *new, struct lsmblob *blob) { - return security_kernel_act_as(new, secid); + return security_kernel_act_as(new, blob); } EXPORT_SYMBOL(set_security_override); @@ -756,6 +756,7 @@ EXPORT_SYMBOL(set_security_override); */ int set_security_override_from_ctx(struct cred *new, const char *secctx) { + struct lsmblob blob; u32 secid; int ret; @@ -763,7 +764,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx) if (ret < 0) return ret; - return set_security_override(new, secid); + lsmblob_init(&blob, secid); + return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/security/security.c b/security/security.c index 67e9345741b8..aa81f2d629af 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1752,9 +1752,19 @@ void security_cred_getsecid(const struct cred *c, u32 *secid) } EXPORT_SYMBOL(security_cred_getsecid); -int security_kernel_act_as(struct cred *new, u32 secid) +int security_kernel_act_as(struct cred *new, struct lsmblob *blob) { - return call_int_hook(kernel_act_as, 0, new, secid); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.kernel_act_as, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.kernel_act_as(new, blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } int security_kernel_create_files_as(struct cred *new, struct inode *inode) From patchwork Tue Mar 9 14:42:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125549 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C956C433E9 for ; Tue, 9 Mar 2021 14:51:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4E2386524C for ; Tue, 9 Mar 2021 14:51:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231453AbhCIOu6 (ORCPT ); Tue, 9 Mar 2021 09:50:58 -0500 Received: from sonic317-38.consmr.mail.ne1.yahoo.com ([66.163.184.49]:33169 "EHLO sonic317-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231622AbhCIOul (ORCPT ); Tue, 9 Mar 2021 
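Review bot: in the kernel/cred.c hunk `@@ -733,14 +733,14 @@`, the kerneldoc parameter line is updated to `@blob: The LSM security information to set`, but the unchanged summary `set_security_override - Set the security ID in a set of credentials` and the description `Set the LSM security ID in a set of credentials ...` still talk about a single security ID. With the lsmblob carrying one secid per module that wording is now misleading; reword both to "security information" in the same hunk.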
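Review bot: the open-coded loop in security_kernel_act_as (hunk `@@ -1752,9 +1752,19 @@`) repeats the `if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue;` guard that security_audit_rule_free and security_audit_rule_match also carry in the previous patch. Three copies of the same slot check invite drift; a small helper or a call_int_hook-style macro that takes the per-slot secid would keep them identical and make the next conversion in the series a one-liner. Behaviour is otherwise the same as call_int_hook: stop at the first hook returning non-zero.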
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v25 07/25] LSM: Use lsmblob in security_secctx_to_secid Date: Tue, 9 Mar 2021 06:42:25 -0800 Message-Id: <20210309144243.12519-8-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_secctx_to_secid interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its callers to do the same. The security module hook is unchanged, still passing back a secid. The infrastructure passes the correct entry from the lsmblob. 
Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso --- include/linux/security.h | 26 ++++++++++++++++++-- kernel/cred.c | 4 +--- net/netfilter/nft_meta.c | 10 ++++---- net/netfilter/xt_SECMARK.c | 7 +++++- net/netlabel/netlabel_unlabeled.c | 23 +++++++++++------- security/security.c | 40 ++++++++++++++++++++++++++----- 6 files changed, 85 insertions(+), 25 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index b63a14866464..1a1fbe0746a0 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -196,6 +196,27 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) extern int lsm_name_to_slot(char *name); extern const char *lsm_slot_to_name(int slot); +/** + * lsmblob_value - find the first non-zero value in an lsmblob structure. + * @blob: Pointer to the data + * + * This needs to be used with extreme caution, as the cases where + * it is appropriate are rare. + * + * Return the first secid value set in the lsmblob. + * There should only be one. + */ +static inline u32 lsmblob_value(const struct lsmblob *blob) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + if (blob->secid[i]) + return blob->secid[i]; + + return 0; +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); 
@@ -524,7 +545,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); @@ -1364,7 +1386,7 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle static inline int security_secctx_to_secid(const char *secdata, u32 seclen, - u32 *secid) + struct lsmblob *blob) { return -EOPNOTSUPP; } diff --git a/kernel/cred.c b/kernel/cred.c index 22e0e7cbefde..848306c7d823 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -757,14 +757,12 @@ EXPORT_SYMBOL(set_security_override); int set_security_override_from_ctx(struct cred *new, const char *secctx) { struct lsmblob blob; - u32 secid; int ret; - ret = security_secctx_to_secid(secctx, strlen(secctx), &secid); + ret = security_secctx_to_secid(secctx, strlen(secctx), &blob); if (ret < 0) return ret; - lsmblob_init(&blob, secid); return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index a7e01e9952f1..f9448e81798e 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c 
@@ -809,21 +809,21 @@ static const struct nla_policy nft_secmark_policy[NFTA_SECMARK_MAX + 1] = { static int nft_secmark_compute_secid(struct nft_secmark *priv) { - u32 tmp_secid = 0; + struct lsmblob blob; int err; - err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &tmp_secid); + err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &blob); if (err) return err; - if (!tmp_secid) + if (!lsmblob_is_set(&blob)) return -ENOENT; - err = security_secmark_relabel_packet(tmp_secid); + err = security_secmark_relabel_packet(lsmblob_value(&blob)); if (err) return err; - priv->secid = tmp_secid; + priv->secid = lsmblob_value(&blob); return 0; } diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index 75625d13e976..9845d98e6b77 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c @@ -43,13 +43,14 @@ secmark_tg(struct sk_buff *skb, const struct xt_action_param *par) static int checkentry_lsm(struct xt_secmark_target_info *info) { + struct lsmblob blob; int err; info->secctx[SECMARK_SECCTX_MAX - 1] = '\0'; info->secid = 0; err = security_secctx_to_secid(info->secctx, strlen(info->secctx), - &info->secid); + &blob); if (err) { if (err == -EINVAL) pr_info_ratelimited("invalid security context \'%s\'\n", @@ -57,6 +58,10 @@ static int checkentry_lsm(struct xt_secmark_target_info *info) return err; } + /* xt_secmark_target_info can't be changed to use lsmblobs because + * it is exposed as an API. Use lsmblob_value() to get the one + * value that got set by security_secctx_to_secid(). */ + info->secid = lsmblob_value(&blob); if (!info->secid) { pr_info_ratelimited("unable to map security context \'%s\'\n", info->secctx); diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index ccb491642811..df9448af23dd 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c 
@@ -882,7 +882,7 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a @@ -906,13 +906,18 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * + * instead of a u32 later in this patch set. security_secctx_to_secid() + * will only be setting one entry in the lsmblob struct, so it is + * safe to use lsmblob_value() to get that one value. */ + return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, secid, - &audit_info); + dev_name, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** @@ -933,7 +938,7 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a @@ -955,13 +960,15 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* security_secctx_to_secid() will only put one secid into the lsmblob + * so it's safe to use lsmblob_value() to get the secid. */ return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, secid, - &audit_info); + NULL, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** diff --git a/security/security.c b/security/security.c index aa81f2d629af..4fcffbf1ff8d 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2140,10 +2140,22 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) } EXPORT_SYMBOL(security_secid_to_secctx); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob) { - *secid = 0; - return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid); + struct security_hook_list *hp; + int rc; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } EXPORT_SYMBOL(security_secctx_to_secid); 
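Review bot: in the security/security.c hunk for security_secctx_to_secid(), the loop returns the first non-zero rc, which changes the failure semantics once more than one module implements the hook: a context string that one module accepts but another rejects now fails the whole call, and blob is left partially populated with the slots written before the failure. Either document that callers must not read blob on error (every caller in this patch checks the return code first, so it is currently safe) or reset it with lsmblob_init(blob, 0) before `return rc;`, and say in the commit message how a string that only one of several stacked modules understands is expected to be handled.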
@@ -2294,10 +2306,26 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, optval, optlen, len); } -int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) +int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, + u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, - skb, secid); + struct security_hook_list *hp; + int rc = -ENOPROTOOPT; + + /* + * Only one security module should provide a real hook for + * this. A stub or bypass like is used in BPF should either + * (somehow) leave rc unaltered or return -ENOPROTOOPT. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); + if (rc != -ENOPROTOOPT) + break; + } + return rc; } EXPORT_SYMBOL(security_socket_getpeersec_dgram);
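Review bot: in the net/netfilter/nft_meta.c hunk for nft_secmark_compute_secid(), lsmblob_value(&blob) is evaluated twice, once for security_secmark_relabel_packet() and again for priv->secid. Compute it once into a local, e.g. `u32 secid = lsmblob_value(&blob);`, both to avoid the repeated scan and to guarantee that the secid checked by security_secmark_relabel_packet() is the one stored in priv->secid.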
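Review bot: in the net/netfilter/xt_SECMARK.c hunk for checkentry_lsm(), the added comment closes `*/` on the last text line (`* value that got set by security_secctx_to_secid(). */`); files under net/ put the closing `*/` on its own line, and the same applies to the two comment blocks added to net/netlabel/netlabel_unlabeled.c in this patch. The logic itself is fine: info->secid is zeroed before the call and only assigned from lsmblob_value() on success, so the existing "unable to map security context" path still catches a context that no module recognised.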
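Review bot: in the net/netlabel/netlabel_unlabeled.c hunks for netlbl_unlabel_staticadd() and netlbl_unlabel_staticadddef(), the two comments above the netlbl_unlhsh_add() calls say the same thing in different words (one promises that netlbl_unlhsh_add() "will be changed to pass a struct lsmblob *", the other only that lsmblob_value() is safe); use one wording for both. Neither path checks lsmblob_is_set() the way nft_secmark_compute_secid() does, so a secctx that every module maps to secid 0 is still added as a static entry with secid 0, exactly as the old `&secid` code did. If that is intentional it deserves a sentence in the commit message; if not, reject it with -ENOENT here too.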
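Review bot: the security_socket_getpeersec_dgram() hunk in security/security.c is not mentioned in the commit message, which only talks about security_secctx_to_secid(); either describe it (it replaces call_int_hook() with a loop that stops at the first module returning anything other than -ENOPROTOOPT) or move it to its own patch. The new comment also hedges with "(somehow) leave rc unaltered", and "A stub or bypass like is used in BPF" is missing a word. State the actual contract: a module that does not implement this for the socket must return -ENOPROTOOPT so that the next module is tried, because the loop breaks on any other value, errors included.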
From patchwork Tue Mar 9 14:42:26 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12125587
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: [PATCH v25 08/25] LSM: Use lsmblob in security_secid_to_secctx
Date: Tue, 9 Mar 2021 06:42:26 -0800
Message-Id: <20210309144243.12519-9-casey@schaufler-ca.com>
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>

Change security_secid_to_secctx() to take a lsmblob as input
instead of a u32 secid. It will then call the LSM hooks using the
lsmblob element allocated for that module. The callers have been
updated as well.

This allows for the possibility that more than one module may be
called upon to translate a secid to a string, as can occur in the
audit code.

Signed-off-by: Casey Schaufler
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
To: Pablo Neira Ayuso
To: Paul Moore
---
 drivers/android/binder.c | 12 +++++++++-
 include/linux/security.h | 5 +++--
 include/net/scm.h | 7 +++++-
 kernel/audit.c | 20 +++++++++++++++--
 kernel/auditsc.c | 28 +++++++++++++++++++----
 net/ipv4/ip_sockglue.c | 4 +++-
 net/netfilter/nf_conntrack_netlink.c | 14 ++++++++++--
 net/netfilter/nf_conntrack_standalone.c | 4 +++-
 net/netfilter/nfnetlink_queue.c | 11 +++++++--
 net/netlabel/netlabel_unlabeled.c | 30 +++++++++++++++++++++----
 net/netlabel/netlabel_user.c | 6 ++---
 security/security.c | 11 +++++----
 12 files changed, 123 insertions(+), 29 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index c119736ca56a..5fb8555ce166 100644
--- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2698,10 +2698,20 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { u32 secid; + struct lsmblob blob; size_t added_size; security_task_getsecid(proc->tsk, &secid); - ret = security_secid_to_secctx(secid, &secctx, &secctx_sz); + /* + * Later in this patch set security_task_getsecid() will + * provide a lsmblob instead of a secid. lsmblob_init + * is used to ensure that all the secids in the lsmblob + * get the value returned from security_task_getsecid(), + * which means that the one expected by + * security_secid_to_secctx() will be set. + */ + lsmblob_init(&blob, secid); + ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; diff --git a/include/linux/security.h b/include/linux/security.h index 1a1fbe0746a0..01bf23c68847 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -544,7 +544,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); @@ -1379,7 +1379,8 @@ static inline int security_ismaclabel(const char *name) return 0; } -static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +static inline int security_secid_to_secctx(struct lsmblob *blob, + char **secdata, u32 *seclen) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index 1ce365f4c256..23a35ff1b3f2 100644 --- a/include/net/scm.h +++ b/include/net/scm.h 
@@ -92,12 +92,17 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmblob lb; char *secdata; u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { - err = security_secid_to_secctx(scm->secid, &secdata, &seclen); + /* There can only be one security module using the secid, + * and the infrastructure will know which it is. + */ + lsmblob_init(&lb, scm->secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); diff --git a/kernel/audit.c b/kernel/audit.c index 551a394bc8f4..fcbdce83a9d8 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1442,7 +1442,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) case AUDIT_SIGNAL_INFO: len = 0; if (audit_sig_sid) { - err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); + struct lsmblob blob; + + /* + * lsmblob_init sets all values in the lsmblob + * to audit_sig_sid. This is temporary until + * audit_sig_sid is converted to a lsmblob, which + * happens later in this patch set. + */ + lsmblob_init(&blob, audit_sig_sid); + err = security_secid_to_secctx(&blob, &ctx, &len); if (err) return err; } @@ -2131,12 +2140,19 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; u32 sid; + struct lsmblob blob; security_task_getsecid(current, &sid); if (!sid) return 0; - error = security_secid_to_secctx(sid, &ctx, &len); + /* + * lsmblob_init sets all values in the lsmblob to sid. + * This is temporary until security_task_getsecid is converted + * to use a lsmblob, which happens later in this patch set. + */ + lsmblob_init(&blob, sid); + error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) goto error_path; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 829005d3228d..9963c3bb240b 100644 
--- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -671,6 +671,13 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid(tsk, &sid); need_sid = 0; } + /* + * lsmblob_init sets all values in the lsmblob + * to sid. This is temporary until + * security_task_getsecid() is converted to + * provide a lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, @@ -688,6 +695,13 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { + /* + * lsmblob_init sets all values in the + * lsmblob to sid. This is temporary + * until name->osid is converted to a + * lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, name->osid); result = security_audit_rule_match( &blob, @@ -995,6 +1009,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, char *ctx = NULL; u32 len; int rc = 0; + struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1004,7 +1019,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (sid) { - if (security_secid_to_secctx(sid, &ctx, &len)) { + lsmblob_init(&blob, sid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1247,7 +1263,10 @@ static void show_special(struct audit_context *context, int *call_panic) if (osid) { char *ctx = NULL; u32 len; - if (security_secid_to_secctx(osid, &ctx, &len)) { + struct lsmblob blob; + + lsmblob_init(&blob, osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { 
@@ -1400,9 +1419,10 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, if (n->osid != 0) { char *ctx = NULL; u32 len; + struct lsmblob blob; - if (security_secid_to_secctx( - n->osid, &ctx, &len)) { + lsmblob_init(&blob, n->osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index ec6036713e2c..2f089733ada7 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmblob lb; char *secdata; u32 seclen, secid; int err; @@ -138,7 +139,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) if (err) return; - err = security_secid_to_secctx(secid, &secdata, &seclen); + lsmblob_init(&lb, secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 1469365bac7e..cc2826cdba8e 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -338,8 +338,13 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) struct nlattr *nest_secctx; int len, ret; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return 0; 
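Review bot: in the net/netfilter/nf_conntrack_netlink.c hunk for ctnetlink_dump_secctx(), the added comment closes `*/` on the last text line (`* to use to create the secctx. */`); files under net/ put the closing `*/` on its own line. The same three-line comment is copied verbatim into ctnetlink_secctx_size(), nfnetlink_queue.c and three places in netlabel_unlabeled.c in this patch; one explanation next to lsmblob_init() with a one-line pointer at each call site would be easier to keep in sync and to delete when the callers are fully converted.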
@@ -652,8 +657,13 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) { #ifdef CONFIG_NF_CONNTRACK_SECMARK int len, ret; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, NULL, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, NULL, &len); if (ret) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 0ee702d374b0..ef1394f7fcf9 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -175,8 +175,10 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) int ret; u32 len; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 48a07914fd94..1956b0312ec7 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -305,13 +305,20 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) { u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) + struct lsmblob blob; + if (!skb || !sk_fullsock(skb->sk)) return 0; read_lock_bh(&skb->sk->sk_callback_lock); - if (skb->secmark) - security_secid_to_secctx(skb->secmark, secdata, &seclen); + if (skb->secmark) { + /* lsmblob_init() puts ct->secmark into all of the secids in + * blob. security_secid_to_secctx() will know which security + * module to use to create the secctx. */ + lsmblob_init(&blob, skb->secmark); + security_secid_to_secctx(&blob, secdata, &seclen); + } read_unlock_bh(&skb->sk->sk_callback_lock); #endif 
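Review bot: in the net/netfilter/nfnetlink_queue.c hunk for nfqnl_get_sk_secctx(), the comment says "lsmblob_init() puts ct->secmark into all of the secids in blob" but the code passes skb->secmark and there is no ct in scope; it was copied from the conntrack hunks, so change it to skb->secmark. The return value of security_secid_to_secctx() is still ignored here, as it was before the patch, so that is not a regression, but it is worth a look now that the loop in security_secid_to_secctx() can hand back a module's error.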
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index df9448af23dd..0e5d03c228e7 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -376,6 +376,7 @@ int netlbl_unlhsh_add(struct net *net, struct audit_buffer *audit_buf = NULL; char *secctx = NULL; u32 secctx_len; + struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -438,7 +439,11 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(secid, + /* lsmblob_init() puts secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + if (security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); @@ -475,6 +480,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, @@ -494,8 +500,13 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, addr->s_addr, mask->s_addr); if (dev != NULL) dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -537,6 +548,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); 
@@ -555,8 +567,13 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, addr, mask); if (dev != NULL) dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -1082,6 +1099,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, u32 secid; char *secctx; u32 secctx_len; + struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, @@ -1136,7 +1154,11 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, secid = addr6->secid; } - ret_val = security_secid_to_secctx(secid, &secctx, &secctx_len); + /* lsmblob_init() secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 3ed4fea2a2de..893301ae0131 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -86,6 +86,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct audit_buffer *audit_buf; char *secctx; u32 secctx_len; + struct lsmblob blob; if (audit_enabled == AUDIT_OFF) return NULL; 
@@ -98,10 +99,9 @@ struct audit_buffer *netlbl_audit_start_common(int type, from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); + lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(audit_info->secid, - &secctx, - &secctx_len) == 0) { + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); security_release_secctx(secctx, secctx_len); } diff --git a/security/security.c b/security/security.c index 4fcffbf1ff8d..7a168d7adc02 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2121,17 +2121,16 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; int rc; - /* - * Currently, only one LSM can implement secid_to_secctx (i.e this - * LSM hook is not "stackable"). - */ hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { - rc = hp->hook.secid_to_secctx(secid, secdata, seclen); + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], + secdata, seclen); + if (rc != LSM_RET_DEFAULT(secid_to_secctx)) + return rc; }
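Review bot: in the drivers/android/binder.c hunk, lsmblob_init(&blob, secid) copies one module's secid into every slot of the blob, so with two modules registered for secid_to_secctx the first one in hook order is handed a value that may have been produced by the other module and will translate or reject it under its own table. The comment acknowledges this is transitional until security_task_getsecid() returns a lsmblob, but the commit message should state that the intermediate state is only correct while a single module implements secid_to_secctx, which is what the comment removed from security/security.c in this same patch used to say.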
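Review bot: in the include/net/scm.h hunk for scm_passec(), the comment "There can only be one security module using the secid, and the infrastructure will know which it is" overstates what security_secid_to_secctx() does in this patch: it calls every registered secid_to_secctx hook in turn with blob->secid[slot], and since lsmblob_init() has put scm->secid into every slot, the infrastructure does not know which module owns the value; it returns the first non-default answer. Reword it to match the other transitional comments (same secid in every slot until scm_cookie carries a lsmblob).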
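Review bot: the kernel/audit.c and kernel/auditsc.c hunks add six near-identical "lsmblob_init sets all values in the lsmblob to ... This is temporary until ... is converted" comments, two of them (in audit_filter_rules()) on lsmblob_init() calls that this patch does not otherwise change, while audit_log_pid_context(), show_special() and audit_log_name() in the same file get the same lsmblob_init() with no comment at all. One explanation in the kerneldoc of lsmblob_init() would read better, would be consistent across the file, and would not need six edits when the scaffolding is removed.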
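Review bot: in the net/netlabel/netlabel_unlabeled.c hunks for netlbl_unlhsh_remove_addr4() and netlbl_unlhsh_remove_addr6(), `entry != NULL` is now tested twice in a row, once to guard lsmblob_init() and once in the existing condition. Fold them into one block, e.g. `if (entry != NULL) { lsmblob_init(&blob, entry->secid); if (security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { ... } }`, which also makes it obvious to the compiler that blob is never used uninitialised.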
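Review bot: in the netlbl_unlabel_staticlist_gen() hunk of net/netlabel/netlabel_unlabeled.c, the comment "lsmblob_init() secid into all of the secids in blob" is missing its verb ("puts secid into"), and, like the other net/ comments in this patch, closes `*/` on the text line rather than on its own line.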
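Review bot: in the net/netlabel/netlabel_user.c hunk for netlbl_audit_start_common(), lsmblob_init(&blob, audit_info->secid) now runs unconditionally before the `audit_info->secid != 0` test. Harmless, but moving it inside the condition keeps the no-secid path free of the scaffolding and matches how the other hunks in this patch guard the init.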
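Review bot: in the security/security.c hunk for security_secid_to_secctx(), the removed comment ("only one LSM can implement secid_to_secctx ... not stackable") describes a constraint this patch does not yet lift: the loop still returns the first non-default result, and every caller converted here fills the blob with lsmblob_init(), i.e. the same secid in every slot. Keep a comment saying that until all callers supply a real lsmblob the result is only meaningful when a single module registers this hook, and decide whether a module that returns an error for a secid it does not own should be skipped rather than terminating the loop with `return rc;`.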
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v25 09/25] LSM: Use lsmblob in security_ipc_getsecid
Date: Tue, 9 Mar 2021 06:42:27 -0800
Message-Id: <20210309144243.12519-10-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: X-Mailing-List: selinux@vger.kernel.org

There may be more than one LSM that provides IPC data for auditing. Change security_ipc_getsecid() to fill in a lsmblob structure instead of the u32 secid. The audit data structure containing the secid will be updated later, so there is a bit of scaffolding here.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 7 ++++++- security/security.c | 12 +++++++++--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 01bf23c68847..4f5bc3b424e4 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -515,7 +515,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5); void security_task_to_inode(struct task_struct *p, struct inode *inode); int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob); int security_msg_msg_alloc(struct msg_msg *msg); void security_msg_msg_free(struct msg_msg *msg); int security_msg_queue_alloc(struct kern_ipc_perm *msq); @@ -1257,9 +1257,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, return 0; } -static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_msg_msg_alloc(struct msg_msg *msg) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 9963c3bb240b..818e4389941a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -2327,11 +2327,16 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) void __audit_ipc_obj(struct kern_ipc_perm *ipcp) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->ipc.uid = ipcp->uid; context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; context->ipc.has_perm = 0; - security_ipc_getsecid(ipcp, &context->ipc.osid); + security_ipc_getsecid(ipcp, &blob); + /* context->ipc.osid will be changed to a lsmblob later in + * the patch series. This will allow auditing of all the object + * labels associated with the ipc object. */ + context->ipc.osid = lsmblob_value(&blob); context->type = AUDIT_IPC; } diff --git a/security/security.c b/security/security.c index 7a168d7adc02..23540664cdb9 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1941,10 +1941,16 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) return call_int_hook(ipc_permission, 0, ipcp, flag); } -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob) { - *secid = 0; - call_void_hook(ipc_getsecid, ipcp, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.ipc_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.ipc_getsecid(ipcp, &blob->secid[hp->lsmid->slot]); + } } int security_msg_msg_alloc(struct msg_msg *msg) From patchwork Tue Mar 9 14:42:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125591 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 539D1C433E9 for ; Tue, 9 Mar 2021 14:54:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1396364F56 for ; Tue, 9 Mar 2021 14:54:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231627AbhCIOyN (ORCPT ); Tue, 9 Mar 2021 09:54:13 -0500 Received: from sonic317-38.consmr.mail.ne1.yahoo.com ([66.163.184.49]:34123 "EHLO sonic317-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231719AbhCIOx7 (ORCPT ); Tue, 9 Mar 2021 09:53:59 
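Review bot: the __audit_ipc_obj() hunk in kernel/auditsc.c stores lsmblob_value(&blob) into context->ipc.osid, but the scaffolding comment does not say which slot's secid lsmblob_value() returns once more than one LSM has filled the blob; since that value lands in the AUDIT_IPC record, the comment should state the selection rule, or state that only one LSM is expected to provide an IPC secid until the field is converted. The comment block also opens with `/* context->ipc.osid will be changed ...` on the first line; kernel style outside net/ puts the opening `/*` on its own line.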
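Review bot: in the security_ipc_getsecid() hunk in security/security.c the slot check `if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue;` is the same three lines that appear in security_secid_to_secctx() and again in security_task_getsecid() in the next patch; a small helper or macro (for example lsm_slot_valid(hp), name is a suggestion) would keep the bound in one place. Also worth a comment: lsmblob_init(blob, 0) runs before the loop, so an LSM that registers no ipc_getsecid hook leaves its slot at 0 rather than "unset", which callers that read one specific slot need to expect.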
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v25 10/25] LSM: Use lsmblob in security_task_getsecid Date: Tue, 9 Mar 2021 06:42:28 -0800 Message-Id: <20210309144243.12519-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change the security_task_getsecid() interface to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 12 +----- include/linux/security.h | 7 ++-- kernel/audit.c | 16 +++----- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 ++++++------ net/netlabel/netlabel_unlabeled.c | 5 ++- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima_appraise.c | 10 +++-- security/integrity/ima/ima_main.c | 56 +++++++++++++++------------ security/security.c | 12 ++++-- 10 files changed, 80 insertions(+), 73 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 5fb8555ce166..1a15e9e19e22 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c 
@@ -2697,20 +2697,10 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; - security_task_getsecid(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index 4f5bc3b424e4..852a4764a609 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -498,7 +498,7 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid(struct task_struct *p, u32 *secid); +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -1184,9 +1184,10 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index fcbdce83a9d8..70df7ac1b357 100644 --- a/kernel/audit.c 
+++ b/kernel/audit.c @@ -2139,19 +2139,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid(current, &sid); - if (!sid) + security_task_getsecid(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2359,6 +2352,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2369,7 +2363,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &audit_sig_sid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index e27424216159..9e73a7961665 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1361,8 +1360,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: if (f->lsm_isset) { - security_task_getsecid(current, &sid); - lsmblob_init(&blob, sid); + security_task_getsecid(current, &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 818e4389941a..c2fe8d6f0238 100644 
--- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -471,7 +471,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -668,17 +667,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid(tsk, &sid); + security_task_getsecid(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -2426,12 +2417,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &context->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2447,6 +2441,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; 
@@ -2458,7 +2453,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &ctx->target_sid); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2479,7 +2476,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 0e5d03c228e7..93240432427f 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1564,11 +1564,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &audit_info.secid); + security_task_getsecid(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 3c67afce64f1..438b5db6c714 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h 
@@ -34,7 +34,11 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 565e33ff19d0..ab0557628336 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -71,14 +71,16 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid(current, &secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + security_task_getsecid(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(mnt_userns, inode, current_cred(), + blob.secid[0], func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 9ef748ea829f..360c5e3760cc 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -388,12 +388,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -419,9 +420,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ @@ -429,11 +430,12 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); inode = file_inode(vma->vm_file); + /* scaffolding */ action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, 0); + current_cred(), blob.secid[0], MAY_EXEC, + MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -469,10 +471,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; 
@@ -493,10 +497,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -666,7 +671,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the @@ -686,8 +691,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, + security_task_getsecid(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -716,7 +722,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -729,9 +735,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** 
@@ -852,7 +859,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (!ima_policy_flag) return; @@ -872,9 +879,10 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_task_getsecid(current, &secid); + security_task_getsecid(current, &blob); + /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + blob.secid[0], 0, func, &pcr, &template, func_data); if (!(action & IMA_MEASURE)) return; diff --git a/security/security.c b/security/security.c index 23540664cdb9..67127b6f1710 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1858,10 +1858,16 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid(struct task_struct *p, u32 *secid) +void security_task_getsecid(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid); From patchwork Tue Mar 9 14:42:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125593 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4653AC433E6 for ; Tue, 9 Mar 2021 14:55:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F2EA765259 for ; Tue, 9 Mar 2021 14:55:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231802AbhCIOzT (ORCPT ); Tue, 9 Mar 2021 09:55:19 -0500 Received: from sonic317-38.consmr.mail.ne1.yahoo.com ([66.163.184.49]:44306 "EHLO sonic317-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231816AbhCIOzG (ORCPT ); Tue, 9 Mar 2021 09:55:06 -0500 DKIM-Signature: v=1; a=rsa-sha256; 
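Review bot: the audit_signal_info() hunk in kernel/audit.c hardcodes `audit_sig_sid = blob.secid[0];`, whereas the __audit_ipc_obj() scaffolding in the previous patch uses lsmblob_value(&blob). The two select the reported secid differently: secid[0] is whatever the LSM in slot 0 wrote (0 when that LSM does not implement task_getsecid but another LSM does), while lsmblob_value() picks from the whole blob. The same `blob.secid[0]` pattern is repeated in the __audit_ptrace(), audit_signal_info_syscall(), netlabel and IMA hunks; using one helper everywhere would make the interim behaviour uniform and simpler to remove when the u32 fields are converted.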
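Review bot: in the ima_must_appraise() hunk in security/integrity/ima/ima_appraise.c the comment `/* scaffolding the .secid[0] */` does not say what the scaffolding is waiting for; the other IMA hunks use the form "scaffolding until process_measurement changes", so this one should read "scaffolding until ima_match_policy() takes a lsmblob" or similar, so that all the temporary sites can be found with one grep later in the series.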
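Review bot: in the ima_file_mprotect() hunk in security/integrity/ima/ima_main.c the added comment is just `/* scaffolding */` above the ima_get_action() call, and the process_buffer_measurement() hunk further down has the same bare comment; the ima_file_mmap(), ima_bprm_check(), ima_file_check() and ima_read_file() hunks name the function that has to change first (`/* scaffolding until process_measurement changes */`), so these two should name ima_get_action() the same way.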
c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1615301705; bh=81yGunU8L5v2kyXXu1EKy02xORPdxecNuXIpIqC5nTM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=t90oRP0I9riMM8icyk2abKaaxZ6bj9sNe0jq37XNkkXMNnsg7fqMgMU9DLgjfsapVsyY1tkFtTab0kPy4CYaa4iVCuIq/YGLOAxDYDa4Y+EoVMh6Hx7OZn9f3KsT/JLBpugXyoptmxa25geUd/k4DbTegXyJkNK1AagtasFk5ReXjI3+jllqHUI++4S2nCaY+ZttfjaSC5svXWVYAobk8dr55S8/2z0ZnA2IH4zqY4Yl0+5rrO31tNKayHh4AMp9ygenqhQBEMlLZL+E1sQ1cbHb9P3QynkGfKquby7dTv5LpSvM3IV8jOoW/deHpmiCewZePo6Z2hq4CS4w9/5YFw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1615301705; bh=MCQHmC90LZMeHKiujCf8q33QRkR57d43yUiOyxIwwDv=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=QVuzQdNYfJYqA48R7XYY/xjsXGP96NQN2wktfN0HfsgIEPOy455tbKwemcwGqKnUf/YQ8lIqRhMvBsa9Uykis4y+q7QOJNaEw9tZx8p8vfx9nyDuloZ12hLDIQOwA3hpozb+x85q9Okm3ZSzM4ZljuZP+np/x529qoAt3pB8+xlYgjYIFm1no++W/0yC2RHc8P/NmxNM/O3tvvuzOl2VTBafLLAphfGxJuqPSXDebplUoMx6y+s9WF+1Iphxkji3jCiuN1J58M1vCFfVNHBJ1zH+1vrJtS5ovCh2b+auAQxNIYIHCQQSZOpOG+naJ6exGpBuZZVq393b4XhdDk0C9Q== X-YMail-OSG: lpQGXRQVM1lEgAAr5CUd6lAESi25MynAb6WyHWh2buYIHtkDBUTRN29goN18xw9 cAFYPISJHE.AUZ5Ob3tyy1eK_0Rm0CFxmWp8Z5vYzC.0Guydri9IXrjuxZtel_WixU7xBPWesfAl _Kf9HH1EPgHZf36fSVzjyesjec0OSvKk5gLei1557yCTbihFAQ_XporlzXI61d6VTAIlI.nejUdo kXX1Y4awbAoHzALQE685MAD0dSSkYU3SRPzBwy6T3eGoR1MdP.EMZSfNStKX6xcO9etzAKZZBmgB yuQKJ_kx0oZMvWhlPaAuRCx1HRSCFqN1n89Bqy._yD2BHqIEtB.p1zrUoidE9WU3lP30XjhV28C5 PNeERf9zZyODSmUCMFRqtTrLFKzq30O8GLYka.qhKMZdDMHOFCPfIAJM3pPd4ufcHkLCEZhbPKoD y6QR.wckkDvm8OUseWXPDSY4NNFRzuqkU54o815VWLK12lZ2LmB5Kirq0vVu6S0OFSOtpZK1d7Gv zEk1kIRFmQUk3BrwlNfZf.nxx6QO6lO_9tAO5Gq8z3UAxQssnuFWRzJNG8ez8kTb2MT3jUYTh2OP uhTC_t9lk8ocgvfE7cqG_zVZSOg5uOmhvM6DmbeGtOOrnkSbuiwhD0Bwu3Khk4fOIEYa8ItxzJ9g Rgkco.q0Un_nlbZdHmDlpjTfrilU_SrzHYH_ktupxpSGs4QCbU8OaJlppfuNa2VwTkX7dwfLO5mG 3OwbccLoNP5i4bwsLmtTeX9wZlWxwJRq71IahamYGSxur0eFHzQb9yyqGbjN_HR3GxDXoxFr3Ef2 3hmNFKPYYBLK8T5pilPFnk2huBk.05gZHA8ikddsM7_omoA1QjkKnE6S.NY980KPtcPQ3pGr3g0G 
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v25 11/25] LSM: Use lsmblob in security_inode_getsecid Date: Tue, 9 Mar 2021 06:42:29 -0800 Message-Id: <20210309144243.12519-12-casey@schaufler-ca.com> In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> X-Mailing-List: selinux@vger.kernel.org
Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 4 +--- security/security.c | 11 +++++++++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 852a4764a609..6fa19899903e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -452,7 +452,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -992,9 +992,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index c2fe8d6f0238..59cb2c4ad149 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -1966,13 +1966,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 81d45b471a62..1cadd61533d7 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -606,7 +606,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { @@ -619,8 +618,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); diff --git a/security/security.c b/security/security.c index 67127b6f1710..54bca6d52ab7 100644 --- a/security/security.c +++ b/security/security.c 
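Review bot: the scaffolding in audit_copy_inode() (`name->osid = blob.secid[0];`) records only slot 0, which is whichever LSM registered first, so with more than one secid-bearing LSM loaded the inode record carries a single LSM's label while `audit_names.osid` stays a u32. That is fine as a transitional step, but the comment should say which later patch converts osid so the slot-0 assumption does not outlive this series. In the ima_policy.c hunk on the same line the change is a genuine semantic fix rather than scaffolding: `lsmblob_init(&lsmdata, osid)` used to copy one secid into every slot, whereas `security_inode_getsecid(inode, &lsmdata)` now fills each slot from its own LSM, which is what `ima_filter_rule_match()` is meant to compare against; the commit message could call that out.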
@@ -1502,9 +1502,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new)
From patchwork Tue Mar 9 14:42:30 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125595 X-Patchwork-Delegate: paul@paul-moore.com
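Review bot: in the security_inode_getsecid() hunk in security/security.c above, `WARN_ON()` sits inside the per-hook loop on a path that audit and IMA hit on every inode they look at, so a misregistered slot would splat on every call; `WARN_ON_ONCE()` is the usual choice here, and the same applies to the identical loops in security_task_getsecid() and security_cred_getsecid(). Note also that this function previously did not zero `*secid` before `call_void_hook()`; the new `lsmblob_init(blob, 0)` is correct, and is what makes `lsmblob_is_set()` meaningful on the result, but it is a behaviour change the commit message could mention.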
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v25 12/25] LSM: Use lsmblob in security_cred_getsecid Date: Tue, 9 Mar 2021 06:42:30 -0800 Message-Id: <20210309144243.12519-13-casey@schaufler-ca.com> In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> X-Mailing-List: selinux@vger.kernel.org
Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Reported-by: kernel test robot --- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 6 files changed, 35 insertions(+), 48 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 6fa19899903e..175c8032b636 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -479,7 +479,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index 70df7ac1b357..c06133104695 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
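Review bot: the kernel/audit.c hunk drops the `static` qualifier when it replaces `static u32 audit_sig_sid;` with `struct lsmblob audit_sig_lsm;`, turning a file-local variable into a global symbol with no header declaration (sparse will report it as a symbol that was not declared). Nothing in the patch reaches it from another file, so it should read `static struct lsmblob audit_sig_lsm;`.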
@@ -1441,29 +1441,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2352,7 +2344,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2363,9 +2354,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 3b9c0945225a..ce41886807bb 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include 
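Review bot: audit_signal_info() now writes a whole `struct lsmblob` into `audit_sig_lsm` through security_task_getsecid(current, &audit_sig_lsm), and the AUDIT_SIGNAL_INFO branch in audit_receive_msg() reads it back with no lock on either side. The old `audit_sig_sid` was a single u32, so a concurrent store and load were at worst stale; with an array of secids the reader can now observe a partially updated blob, one slot from the previous signaller and another from the current one, and hand that mix to security_secid_to_secctx(). Copying the blob under a lock on the reading side (or at least documenting the race in a comment) would be the safe way to do this.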
@@ -134,7 +135,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 59cb2c4ad149..768989b2f09e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -111,7 +111,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -993,14 +993,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1009,9 +1009,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1582,7 +1581,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } 
@@ -1591,7 +1590,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1769,7 +1768,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2421,15 +2420,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2445,7 +2441,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2457,9 +2452,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2480,9 +2473,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 360c5e3760cc..5a6ba57beef3 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -470,7 +470,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid(current, &blob); @@ -480,9 +479,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 54bca6d52ab7..0d9a4b50f252 100644 --- a/security/security.c +++ b/security/security.c 
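Review bot: in the ima_bprm_check() hunk the scaffolding `process_measurement(bprm->file, bprm->cred, blob.secid[0], ...)` keeps passing only slot 0 of the cred's lsmblob, so the CREDS_CHECK policy match is made against a single LSM's secid until process_measurement() itself is converted; that conversion is in the following patch of this series, and the comment should say so rather than the open-ended "until process_measurement changes". Reusing the one `blob` local first for the task secids and then for the cred secids is fine because the first process_measurement() call has returned by then, but a one-line comment at the second fill would save the next reader a double-take.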
@@ -1752,10 +1752,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
From patchwork Tue Mar 9 14:42:31 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125639 X-Patchwork-Delegate: paul@paul-moore.com
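Review bot: the security_cred_getsecid() hunk in security/security.c above adds a third verbatim copy of the same slot loop (lsmblob_init, hlist_for_each_entry over the hook head, WARN_ON on the slot bounds, call the hook with `&blob->secid[hp->lsmid->slot]`), the other two being security_task_getsecid() and security_inode_getsecid() in the earlier patches. A small helper macro, or a `call_void_hook`-style variant that takes the hook name and the remaining arguments, would keep the slot bounds check in one place so that a later fix to it does not have to be made three times.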
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH v25 13/25] IMA: Change internal interfaces to use lsmblobs Date: Tue, 9 Mar 2021 06:42:31 -0800 Message-Id: <20210309144243.12519-14-casey@schaufler-ca.com> In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> X-Mailing-List: selinux@vger.kernel.org
The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org To: Mimi Zohar --- security/integrity/ima/ima.h | 6 ++--- security/integrity/ima/ima_api.c | 6 ++--- security/integrity/ima/ima_appraise.c | 5 ++-- security/integrity/ima/ima_main.c | 34 +++++++++++---------------- security/integrity/ima/ima_policy.c | 17 +++++++------- 5 files changed, 30 insertions(+), 38 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 475f5622a903..ec3094f6b302 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -255,7 +255,7 @@ static inline void ima_process_queued_keys(void) {} /* LIM API function definitions */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data); @@ -286,8 +286,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index d8e321cc6936..691f68d478f1 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c 
@@ -165,7 +165,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @mnt_userns: user namespace of the mount the inode was found from * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier @@ -185,7 +185,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data) @@ -194,7 +194,7 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, flags &= ima_policy_flag; - return ima_match_policy(mnt_userns, inode, cred, secid, func, mask, + return ima_match_policy(mnt_userns, inode, cred, blob, func, mask, flags, pcr, template_desc, func_data); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index ab0557628336..3b2a4d3a2189 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -77,10 +77,9 @@ int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, return 0; security_task_getsecid(current, &blob); - /* scaffolding the .secid[0] */ return ima_match_policy(mnt_userns, inode, current_cred(), - blob.secid[0], func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + &blob, func, mask, IMA_APPRAISE | IMA_HASH, + NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 5a6ba57beef3..1ca861c5628b 100644 --- a/security/integrity/ima/ima_main.c 
+++ b/security/integrity/ima/ima_main.c @@ -194,8 +194,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -218,7 +218,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(file_mnt_user_ns(file), inode, cred, secid, + action = ima_get_action(file_mnt_user_ns(file), inode, cred, blob, mask, func, &pcr, &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); @@ -392,8 +392,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -434,7 +433,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) inode = file_inode(vma->vm_file); /* scaffolding */ action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), blob.secid[0], MAY_EXEC, + current_cred(), &blob, MAY_EXEC, MMAP_CHECK, &pcr, &template, 0); /* Is the mmap'ed file in policy? */ 
@@ -473,16 +472,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -500,8 +497,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -692,8 +688,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_READ, func); } @@ -736,9 +731,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** 
@@ -882,7 +876,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns, security_task_getsecid(current, &blob); /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - blob.secid[0], 0, func, &pcr, &template, + &blob, 0, func, &pcr, &template, func_data); if (!(action & IMA_MEASURE)) return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 1cadd61533d7..3ee9f7feca4b 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -546,7 +546,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, * @mnt_userns: user namespace of the mount the inode was found from * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @func_data: func specific data, may be NULL @@ -556,8 +556,8 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, static bool ima_match_rules(struct ima_rule_entry *rule, struct user_namespace *mnt_userns, struct inode *inode, const struct cred *cred, - u32 secid, enum ima_hooks func, int mask, - const char *func_data) + struct lsmblob *blob, enum ima_hooks func, + int mask, const char *func_data) { int i; @@ -626,8 +626,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); - rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); default: 
@@ -670,7 +669,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -685,8 +684,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * than writes so ima_match_policy() is classical RCU candidate. */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data) { 
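Review bot: in the ima_file_mprotect() hunk (@@ -434,7 +433,7 @@) the context line `/* scaffolding */` above `action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode,` is now stale, since the call passes `&blob` instead of `blob.secid[0]`; every other call site in this patch drops its "scaffolding" comment, so this one should go as well. The same hunk's trailing context passes a literal `0` for the `const char *func_data` parameter (`MMAP_CHECK, &pcr, &template, 0);`); that is pre-existing, but with the adjacent line being rewritten it would be a cheap moment to make it `NULL` like the other callers.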
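Review bot: the process_buffer_measurement() hunk (@@ -882,7 +876,7 @@) has the same leftover: the context line `/* scaffolding */` sits between `security_task_getsecid(current, &blob);` and the ima_get_action() call that now takes `&blob`, so the comment no longer describes anything; remove it here too so the series does not leave a misleading marker once the conversion is complete.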
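Review bot: in the ima_match_rules() hunk (@@ -626,8 +626,7 @@), removing `lsmblob_init(&lsmdata, secid);` removes the only visible use of `lsmdata` in the function; if the `struct lsmblob lsmdata;` declaration at the top of ima_match_rules() (outside this hunk) is still there, it is now an unused variable and should be dropped in the same patch to avoid a -Wunused-variable warning. The new `blob` argument is also passed straight to ima_filter_rule_match() with no NULL check; all callers in this patch pass the address of a stack `blob`, so that is fine today, but the kernel-doc for @blob in ima_match_policy() and ima_get_action() should say it must not be NULL.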
@@ -702,7 +701,7 @@ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, mnt_userns, inode, cred, secid, + if (!ima_match_rules(entry, mnt_userns, inode, cred, blob, func, mask, func_data)) continue; From patchwork Tue Mar 9 14:42:32 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125641 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Greg Kroah-Hartman , linux-api@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v25 14/25] LSM: Specify which LSM to display Date: Tue, 9 Mar 2021 06:42:32 -0800 Message-Id: <20210309144243.12519-15-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a new entry "interface_lsm" in the procfs attr directory for controlling which LSM security information is displayed for a process. A process can only read or write its own display value. The name of an active LSM that supplies hooks for human readable data may be written to "interface_lsm" to set the value. The name of the LSM currently in use can be read from "interface_lsm". At this point there can only be one LSM capable of display active. A helper function lsm_task_ilsm() is provided to get the interface lsm slot for a task_struct. Setting the "interface_lsm" requires that all security modules using setprocattr hooks allow the action. Each security module is responsible for defining its policy. AppArmor hook provided by John Johansen SELinux hook provided by Stephen Smalley 
Signed-off-by: Casey Schaufler Cc: Kees Cook Cc: Stephen Smalley Cc: Paul Moore Cc: John Johansen Cc: Greg Kroah-Hartman Cc: linux-api@vger.kernel.org Cc: linux-doc@vger.kernel.org --- .../ABI/testing/procfs-attr-lsm_display | 22 +++ Documentation/security/lsm.rst | 14 ++ fs/proc/base.c | 1 + include/linux/lsm_hooks.h | 17 ++ security/apparmor/include/apparmor.h | 3 +- security/apparmor/lsm.c | 32 ++++ security/security.c | 166 ++++++++++++++++-- security/selinux/hooks.c | 11 ++ security/selinux/include/classmap.h | 2 +- security/smack/smack_lsm.c | 7 + 10 files changed, 256 insertions(+), 19 deletions(-) create mode 100644 Documentation/ABI/testing/procfs-attr-lsm_display diff --git a/Documentation/ABI/testing/procfs-attr-lsm_display b/Documentation/ABI/testing/procfs-attr-lsm_display new file mode 100644 index 000000000000..0f60005c235c --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-lsm_display @@ -0,0 +1,22 @@ +What: /proc/*/attr/lsm_display +Contact: linux-security-module@vger.kernel.org, +Description: The name of the Linux security module (LSM) that will + provide information in the /proc/*/attr/current, + /proc/*/attr/prev and /proc/*/attr/exec interfaces. + The details of permissions required to read from + this interface are dependent on the LSMs active on the + system. + A process cannot write to this interface unless it + refers to itself. + The other details of permissions required to write to + this interface are dependent on the LSMs active on the + system. + The format of the data used by this interface is a + text string identifying the name of an LSM. The values + accepted are: + selinux - the SELinux LSM + smack - the Smack LSM + apparmor - The AppArmor LSM + By convention the LSM names are lower case and do not + contain special characters. +Users: LSM user-space diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index 6a2a2e973080..b77b4a540391 100644 --- a/Documentation/security/lsm.rst 
+++ b/Documentation/security/lsm.rst @@ -129,3 +129,17 @@ to identify it as the first security module to be registered. The capabilities security module does not use the general security blobs, unlike other modules. The reasons are historical and are based on overhead, complexity and performance concerns. + +LSM External Interfaces +======================= + +The LSM infrastructure does not generally provide external interfaces. +The individual security modules provide what external interfaces they +require. + +The file ``/sys/kernel/security/lsm`` provides a comma +separated list of the active security modules. + +The file ``/proc/pid/attr/interface_lsm`` contains the name of the security +module for which the ``/proc/pid/attr/current`` interface will +apply. This interface can be written to. diff --git a/fs/proc/base.c b/fs/proc/base.c index 3851bfcdba56..10de522f3112 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2807,6 +2807,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "fscreate", 0666), ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), + ATTR(NULL, "interface_lsm", 0666), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 5509e4ed9829..ab08da884b2f 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1670,4 +1670,21 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, extern int lsm_inode_alloc(struct inode *inode); +/** + * lsm_task_ilsm - the "interface_lsm" for this task + * @task: The task to report on + * + * Returns the task's interface LSM slot. + */ +static inline int lsm_task_ilsm(struct task_struct *task) +{ +#ifdef CONFIG_SECURITY + int *ilsm = task->security; + + if (ilsm) + return *ilsm; +#endif + return LSMBLOB_INVALID; +} + #endif /* ! __LINUX_LSM_HOOKS_H */ 
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h index 1fbabdb565a8..b1622fcb4394 100644 --- a/security/apparmor/include/apparmor.h +++ b/security/apparmor/include/apparmor.h @@ -28,8 +28,9 @@ #define AA_CLASS_SIGNAL 10 #define AA_CLASS_NET 14 #define AA_CLASS_LABEL 16 +#define AA_CLASS_DISPLAY_LSM 17 -#define AA_CLASS_LAST AA_CLASS_LABEL +#define AA_CLASS_LAST AA_CLASS_DISPLAY_LSM /* Control parameters settable through module/boot flags */ extern enum audit_mode aa_g_audit; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 7d5559b4c417..5bfd313a7cd5 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -621,6 +621,25 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, return error; } + +static int profile_interface_lsm(struct aa_profile *profile, + struct common_audit_data *sa) +{ + struct aa_perms perms = { }; + unsigned int state; + + state = PROFILE_MEDIATES(profile, AA_CLASS_DISPLAY_LSM); + if (state) { + aa_compute_perms(profile->policy.dfa, state, &perms); + aa_apply_modes_to_perms(profile, &perms); + aad(sa)->label = &profile->label; + + return aa_check_perms(profile, &perms, AA_MAY_WRITE, sa, NULL); + } + + return 0; +} + static int apparmor_setprocattr(const char *name, void *value, size_t size) { @@ -632,6 +651,19 @@ static int apparmor_setprocattr(const char *name, void *value, if (size == 0) return -EINVAL; + /* LSM infrastructure does actual setting of interface_lsm if allowed */ + if (!strcmp(name, "interface_lsm")) { + struct aa_profile *profile; + struct aa_label *label; + + aad(&sa)->info = "set interface lsm"; + label = begin_current_label_crit_section(); + error = fn_for_each_confined(label, profile, + profile_interface_lsm(profile, &sa)); + end_current_label_crit_section(label); + return error; + } + /* AppArmor requires that the buffer must be null terminated atm */ if (args[size - 1] != '\0') { /* null terminate */ 
diff --git a/security/security.c b/security/security.c index 0d9a4b50f252..df51140a4d93 100644 --- a/security/security.c +++ b/security/security.c @@ -77,7 +77,16 @@ static struct kmem_cache *lsm_file_cache; static struct kmem_cache *lsm_inode_cache; char *lsm_names; -static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init; + +/* + * The task blob includes the "interface_lsm" slot used for + * chosing which module presents contexts. + * Using a long to avoid potential alignment issues with + * module assigned task blobs. + */ +static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init = { + .lbs_task = sizeof(long), +}; /* Boot-time LSM user choice */ static __initdata const char *chosen_lsm_order; @@ -667,6 +676,8 @@ int lsm_inode_alloc(struct inode *inode) */ static int lsm_task_alloc(struct task_struct *task) { + int *ilsm; + if (blob_sizes.lbs_task == 0) { task->security = NULL; return 0; @@ -675,6 +686,15 @@ static int lsm_task_alloc(struct task_struct *task) task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); if (task->security == NULL) return -ENOMEM; + + /* + * The start of the task blob contains the "interface" LSM slot number. + * Start with it set to the invalid slot number, indicating that the + * default first registered LSM be displayed. + */ + ilsm = task->security; + *ilsm = LSMBLOB_INVALID; + return 0; } @@ -1688,14 +1708,26 @@ int security_file_open(struct file *file) int security_task_alloc(struct task_struct *task, unsigned long clone_flags) { + int *oilsm = current->security; + int *nilsm; int rc = lsm_task_alloc(task); - if (rc) + if (unlikely(rc)) return rc; + rc = call_int_hook(task_alloc, 0, task, clone_flags); - if (unlikely(rc)) + if (unlikely(rc)) { security_task_free(task); - return rc; + return rc; + } + + if (oilsm) { + nilsm = task->security; + if (nilsm) + *nilsm = *oilsm; + } + + return 0; } void security_task_free(struct task_struct *task) 
@@ -2113,23 +2145,110 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * lsm_slot will be 0 if there are no displaying modules. + */ + if (lsm_slot == 0) + return -EINVAL; + + /* + * Only allow getting the current process' interface_lsm. + * There are too few reasons to get another process' + * interface_lsm and too many LSM policy issues. + */ + if (current != p) + return -EINVAL; + + ilsm = lsm_task_ilsm(p); + if (ilsm != LSMBLOB_INVALID) + slot = ilsm; + *value = kstrdup(lsm_slotlist[slot]->lsm, GFP_KERNEL); + if (*value) + return strlen(*value); + return -ENOMEM; + } hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && ilsm != LSMBLOB_INVALID && + ilsm != hp->lsmid->slot) + continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } +/** + * security_setprocattr - Set process attributes via /proc + * @lsm: name of module involved, or NULL + * @name: name of the attribute + * @value: value to set the attribute to + * @size: size of the value + * + * Set the process attribute for the specified security module + * to the specified value. Note that this can only be used to set + * the process attributes for the current, or "self" process. + * The /proc code has already done this check. + * + * Returns 0 on success, an appropriate code otherwise. + */ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size) { struct security_hook_list *hp; + char *termed; + char *copy; + int *ilsm = current->security; + int rc = -EINVAL; + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * Change the "interface_lsm" value only if all the security + * modules that support setting a procattr allow it. 
+ * It is assumed that all such security modules will be + * cooperative. + */ + if (size == 0) + return -EINVAL; + + hlist_for_each_entry(hp, &security_hook_heads.setprocattr, + list) { + rc = hp->hook.setprocattr(name, value, size); + if (rc < 0) + return rc; + } + + rc = -EINVAL; + + copy = kmemdup_nul(value, size, GFP_KERNEL); + if (copy == NULL) + return -ENOMEM; + + termed = strsep(©, " \n"); + + for (slot = 0; slot < lsm_slot; slot++) + if (!strcmp(termed, lsm_slotlist[slot]->lsm)) { + *ilsm = lsm_slotlist[slot]->slot; + rc = size; + break; + } + + kfree(termed); + return rc; + } hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && *ilsm != LSMBLOB_INVALID && + *ilsm != hp->lsmid->slot) + continue; return hp->hook.setprocattr(name, value, size); } return LSM_RET_DEFAULT(setprocattr); @@ -2149,15 +2268,15 @@ EXPORT_SYMBOL(security_ismaclabel); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], - secdata, seclen); - if (rc != LSM_RET_DEFAULT(secid_to_secctx)) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secid_to_secctx( + blob->secid[hp->lsmid->slot], + secdata, seclen); } return LSM_RET_DEFAULT(secid_to_secctx); 
@@ -2168,16 +2287,15 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); lsmblob_init(blob, 0); hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secctx_to_secid(secdata, seclen, - &blob->secid[hp->lsmid->slot]); - if (rc != 0) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); } return 0; } @@ -2185,7 +2303,14 @@ EXPORT_SYMBOL(security_secctx_to_secid); void security_release_secctx(char *secdata, u32 seclen) { - call_void_hook(release_secctx, secdata, seclen); + struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + + hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + hp->hook.release_secctx(secdata, seclen); + return; + } } EXPORT_SYMBOL(security_release_secctx); @@ -2326,8 +2451,15 @@ EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, int __user *optlen, unsigned len) { - return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, - optval, optlen, len); + int ilsm = lsm_task_ilsm(current); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, + list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.socket_getpeersec_stream(sock, optval, + optlen, len); + return -ENOPROTOOPT; } int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 96c560760c4c..3141ed8544de 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -6434,6 +6434,17 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) /* * Basic control over ability to set these attributes at all. */ + + /* + * For setting interface_lsm, we only perform a permission check; + * the actual update to the interface_lsm value is handled by the + * LSM framework. + */ + if (!strcmp(name, "interface_lsm")) + return avc_has_perm(&selinux_state, + mysid, mysid, SECCLASS_PROCESS2, + PROCESS2__SETDISPLAY, NULL); + if (!strcmp(name, "exec")) error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index ba2e01a6955c..1b4a42150871 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -53,7 +53,7 @@ struct security_class_mapping secclass_map[] = { "execmem", "execstack", "execheap", "setkeycreate", "setsockcreate", "getrlimit", NULL } }, { "process2", - { "nnp_transition", "nosuid_transition", NULL } }, + { "nnp_transition", "nosuid_transition", "setdisplay", NULL } }, { "system", { "ipc_info", "syslog_read", "syslog_mod", "syslog_console", "module_request", "module_load", NULL } }, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 023876c3f3a3..576f412b8616 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
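Review bot: the new ABI file is named Documentation/ABI/testing/procfs-attr-lsm_display and its "What:" line says /proc/*/attr/lsm_display, but the entry added to attr_dir_stuff[] in fs/proc/base.c and the text added to lsm.rst both call the file "interface_lsm"; rename the ABI file to procfs-attr-interface_lsm and change the What: line to /proc/*/attr/interface_lsm so the documented path exists. The Description also says only writes are restricted to self, yet security_getprocattr() in this patch returns -EINVAL for `current != p`, so reads of another process's value are refused as well; state that. Minor: there is a stray trailing comma after the Contact: address.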
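Review bot: the lsm.rst hunk says interface_lsm names the module "for which the /proc/pid/attr/current interface will apply", which understates the scope; in security.c the same per-task slot is consulted for every /proc/pid/attr name read or written without an explicit module (current, prev, exec and the rest), and for security_secid_to_secctx(), security_secctx_to_secid(), security_release_secctx() and the SO_PEERSEC path in security_socket_getpeersec_stream(). List those here so an administrator knows the selection changes more than attr/current, and say that with nothing written the first registered module answers (that is what LSMBLOB_INVALID means per the lsm_task_alloc() comment).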
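Review bot: the kernel-doc for lsm_task_ilsm() in lsm_hooks.h says only "Returns the task's interface LSM slot", but the function returns LSMBLOB_INVALID in two distinct situations: no value has been chosen (meaning "use the first registered module") and task->security is NULL or CONFIG_SECURITY is off. Every caller in security.c special-cases LSMBLOB_INVALID, so spell out that return value in the comment, e.g. "Returns the slot number selected through interface_lsm, or LSMBLOB_INVALID if none has been selected."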
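Review bot: typo in the new comment above blob_sizes in security.c: "chosing" should be "choosing".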
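Review bot: the `if (rc)` to `if (unlikely(rc))` change on the lsm_task_alloc() return value in security_task_alloc() is unrelated to interface_lsm and would be easier to review in its own patch; the rest of the hunk, copying the parent's slot into the child only after the task_alloc hooks have succeeded, looks right.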
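Review bot: in the security_getprocattr() hunk the line `ilsm = lsm_task_ilsm(p);` inside the "interface_lsm" branch is redundant: `ilsm = lsm_task_ilsm(current)` was already computed at the top of the function and `current != p` has just been rejected, so the two values are identical; drop the reassignment. Returning -EINVAL for a read of another process's interface_lsm is also a surprising errno, since the request is well-formed and merely disallowed; -EPERM would describe the refusal more accurately to userspace, and whichever value is kept should be stated in the ABI file.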
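Review bot: in the security_setprocattr() hunk the "interface_lsm" branch calls every registered setprocattr hook with `name == "interface_lsm"`, so a module that implements setprocattr but does not special-case that name will return its usual error and veto the switch for everyone. The comment acknowledges that cooperation is assumed; that requirement belongs in the setprocattr hook documentation in lsm_hooks.h so future modules know to handle the name. Separately, `int *ilsm = current->security;` is dereferenced unconditionally (`*ilsm = lsm_slotlist[slot]->slot;` and `*ilsm != LSMBLOB_INVALID`) while lsm_task_ilsm() in the same patch guards against a NULL task->security; with blob_sizes.lbs_task fixed at sizeof(long) the pointer cannot be NULL here, but using lsm_task_ilsm(current) for the read in the generic loop would make that invariant explicit rather than implicit. The `strsep(&copy, " \n")` followed by `kfree(termed)` is correct since strsep returns the original allocation, but a one-line comment saying so would save the next reader a double take.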
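Review bot: the security_secid_to_secctx() and security_secctx_to_secid() hunks change behaviour beyond adding the slot filter: the old loops continued past a hook that returned LSM_RET_DEFAULT(secid_to_secctx) or a non-zero rc, whereas the new loops return the first matching hook's result unconditionally. With ilsm == LSMBLOB_INVALID that means the first registered module with the hook always answers, even when it returns the default. That is consistent with the stated "first registered LSM" default, but the commit message should say that the fall-through to later modules is gone.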
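Review bot: the security_release_secctx() hunk dispatches the release on the caller's interface_lsm at the time of the call (or the first registered module), not on the module that produced secdata; if the task writes a different name to /proc/self/attr/interface_lsm between security_secid_to_secctx() and security_release_secctx(), the buffer is handed to a module that did not allocate it, which is only safe if every module's release_secctx treats a foreign buffer identically. Either carry the producing slot with the context (for example by passing the lsmblob or slot to the release call) or document in the kernel-doc that the two calls must be paired without an intervening interface_lsm change.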
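Review bot: the classmap.h hunk names the new process2 permission "setdisplay" (and the AppArmor side adds AA_CLASS_DISPLAY_LSM), while the user-visible file and the selinux_setprocattr() comment call the attribute "interface_lsm"; if the rename to interface_lsm is final, the permission and class names should follow it, since policy authors will search for the name they see under /proc. If "setdisplay" is kept for compatibility with policy already written against earlier revisions, say so in the commit message.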
@@ -3511,6 +3511,13 @@ static int smack_setprocattr(const char *name, void *value, size_t size) struct smack_known_list_elem *sklep; int rc; + /* + * Allow the /proc/.../attr/current and SO_PEERSEC "interface_lsm" + * to be reset at will. + */ + if (strcmp(name, "interface_lsm") == 0) + return 0; + if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) return -EPERM; From patchwork Tue Mar 9 14:42:33 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125643 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH v25 15/25] LSM: Ensure the correct LSM context releaser
Date: Tue, 9 Mar 2021 06:42:33 -0800
Message-Id: <20210309144243.12519-16-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
X-Mailing-List: selinux@vger.kernel.org

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string. The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 1a15e9e19e22..f74a72867ec9 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2448,6 +2448,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -2750,7 +2751,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; 
@@ -3084,8 +3086,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 02f59bcb4f27..27b1bbe5ab08 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1349,12 +1349,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 74bc5120013d..503ee773f571 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -135,8 +135,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index eaaa1605b5b5..afccc4f257d0 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -2844,6 +2844,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3345,8 +3346,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 175c8032b636..554e9da831b6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -133,6 +133,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
@@ -547,7 +578,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1395,7 +1426,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index c06133104695..bfb4696503b7 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2132,6 +2136,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2145,7 +2150,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 768989b2f09e..caa69696672e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -998,6 +998,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1015,7 +1016,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1228,6 +1230,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1261,7 +1264,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1410,6 +1414,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1418,7 +1423,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 2f089733ada7..a7e4c1b34b6c 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index cc2826cdba8e..6edb78c9cc87 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -339,6 +339,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -359,7 +360,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index ef1394f7fcf9..5ee033a1f885 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 1956b0312ec7..08ca87fa97b7 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -398,6 +398,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -630,8 +631,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -639,8 +642,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 93240432427f..32b6eea7ba0c 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index df51140a4d93..f1c1b387bc63 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2301,16 +2301,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
From patchwork Tue Mar 9 14:42:34 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125645 X-Patchwork-Delegate: paul@paul-moore.com
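Review bot: in the security/security.c hunk the new loop calls the release hook only when cp->slot == hp->lsmid->slot and silently completes otherwise; the removed code fell back to the first registered hook when ilsm was LSMBLOB_INVALID. Every caller in this patch fills the slot with a literal 0 via lsmcontext_init(..., 0), so the string is handed to whichever module holds slot 0 rather than to the module that produced it, and if no hook holds slot 0 it is not released at all, which for a module that allocates per use (SELinux, per the commit message) is a leak. Suggest a comment on the loop saying this is scaffolding until security_secid_to_secctx() records the real slot, plus a WARN_ON_ONCE() if the loop finishes without a match. The trailing memset(cp, 0, sizeof(*cp)) is a good addition: it leaves cp->context NULL, so a caller that tests it before a second release cannot hand the same pointer back twice.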
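Review bot: in the include/linux/security.h hunk the kernel-doc for lsmcontext_init() documents @size while the field it fills is len; rename the parameter or the doc line so they agree. The struct comment "which LSM it is useful for" also undersells the field: per the commit message the slot identifies the module that allocated the string and must release it, and saying so at the definition would make the literal 0 slots at the call sites stand out as placeholders.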
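Review bot: the scaffolding marker is applied inconsistently across the converted call sites: the show_special() hunk in kernel/auditsc.c and the netlbl_unlhsh_remove_addr6() hunk in net/netlabel/netlabel_unlabeled.c pass a literal 0 slot with no /* scaffolding */ comment, while the neighbouring hunks (audit_log_pid_context(), audit_log_name(), netlbl_unlhsh_remove_addr4()) carry one. Since that comment is the only marker that these 0s are temporary, suggest adding it at the two bare sites.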
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: [PATCH v25 16/25] LSM: Use lsmcontext in security_secid_to_secctx
Date: Tue, 9 Mar 2021 06:42:34 -0800
Message-Id: <20210309144243.12519-17-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
X-Mailing-List: selinux@vger.kernel.org

Replace the (secctx,seclen) pointer pair with a single lsmcontext pointer to allow return of the LSM identifier along with the context and context length. This allows security_release_secctx() to know how to release the context. Callers have been modified to use or save the returned data from the new structure.

Reviewed-by: Kees Cook
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
--- drivers/android/binder.c | 26 +++++++--------- include/linux/security.h | 4 +-- include/net/scm.h | 9 ++---- kernel/audit.c | 39 +++++++++++------------- kernel/auditsc.c | 31 +++++++------------ net/ipv4/ip_sockglue.c | 8 ++--- net/netfilter/nf_conntrack_netlink.c | 18 +++++------ net/netfilter/nf_conntrack_standalone.c | 7 ++--- net/netfilter/nfnetlink_queue.c | 5 +++- net/netlabel/netlabel_unlabeled.c | 40 ++++++++----------------- net/netlabel/netlabel_user.c | 7 ++--- security/security.c | 10 +++++-- 12 files changed, 81 insertions(+), 123 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index f74a72867ec9..4c810ea52ab7 100644
--- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2446,9 +2446,7 @@ static void binder_transaction(struct binder_proc *proc, binder_size_t last_fixup_min_off = 0; struct binder_context *context = proc->context; int t_debug_id = atomic_inc_return(&binder_last_id); - char *secctx = NULL; - u32 secctx_sz = 0; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext lsmctx = { }; e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -2702,14 +2700,14 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_task_getsecid(proc->tsk, &blob); - ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); + ret = security_secid_to_secctx(&blob, &lsmctx); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; return_error_line = __LINE__; goto err_get_secctx_failed; } - added_size = ALIGN(secctx_sz, sizeof(u64)); + added_size = ALIGN(lsmctx.len, sizeof(u64)); extra_buffers_size += added_size; if (extra_buffers_size < added_size) { /* integer overflow of extra_buffers_size */ @@ -2736,24 +2734,22 @@ static void binder_transaction(struct binder_proc *proc, t->buffer = NULL; goto err_binder_alloc_buf_failed; } - if (secctx) { + if (lsmctx.context) { int err; size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) + ALIGN(tr->offsets_size, sizeof(void *)) + ALIGN(extra_buffers_size, sizeof(void *)) - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; err = binder_alloc_copy_to_buffer(&target_proc->alloc, t->buffer, buf_offset, - secctx, secctx_sz); + lsmctx.context, lsmctx.len); if (err) { t->security_ctx = 0; WARN_ON(1); } - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - secctx = NULL; + security_release_secctx(&lsmctx); } t->buffer->debug_id = t->debug_id; t->buffer->transaction = t; 
@@ -2810,7 +2806,7 @@ static void binder_transaction(struct binder_proc *proc, off_end_offset = off_start_offset + tr->offsets_size; sg_buf_offset = ALIGN(off_end_offset, sizeof(void *)); sg_buf_end_offset = sg_buf_offset + extra_buffers_size - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); off_min = 0; for (buffer_offset = off_start_offset; buffer_offset < off_end_offset; buffer_offset += sizeof(binder_size_t)) { @@ -3086,10 +3082,8 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) { - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - } + if (lsmctx.context) + security_release_secctx(&lsmctx); err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/include/linux/security.h b/include/linux/security.h index 554e9da831b6..d0e1b6ba330d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -575,7 +575,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1414,7 +1414,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - char **secdata, u32 *seclen) + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index f273c4d777ec..b77a52f93389 100644 --- a/include/net/scm.h +++ b/include/net/scm.h 
@@ -94,8 +94,6 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { @@ -103,12 +101,11 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (!err) { - put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - /*scaffolding*/ - lsmcontext_init(&context, secdata, seclen, 0); + put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, + context.context); security_release_secctx(&context); } } diff --git a/kernel/audit.c b/kernel/audit.c index bfb4696503b7..a8dc5f55cfa3 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1190,9 +1190,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_buffer *ab; u16 msg_type = nlh->nlmsg_type; struct audit_sig_info *sig_data; - char *ctx = NULL; - u32 len; - struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1440,33 +1437,34 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) kfree(new); break; } - case AUDIT_SIGNAL_INFO: - len = 0; + case AUDIT_SIGNAL_INFO: { + struct lsmcontext context = { }; + int len = 0; + if (lsmblob_is_set(&audit_sig_lsm)) { - err = security_secid_to_secctx(&audit_sig_lsm, &ctx, - &len); + err = security_secid_to_secctx(&audit_sig_lsm, + &context); if (err) return err; } - sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); + sig_data = kmalloc(sizeof(*sig_data) + context.len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) { - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); - } + if (lsmblob_is_set(&audit_sig_lsm)) + security_release_secctx(&context); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { - memcpy(sig_data->ctx, ctx, len); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + len = context.len; + memcpy(sig_data->ctx, context.context, len); + security_release_secctx(&context); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); kfree(sig_data); break; + } case AUDIT_TTY_GET: { struct audit_tty_status s; unsigned int t; 
@@ -2132,26 +2130,23 @@ void audit_log_key(struct audit_buffer *ab, char *key) int audit_log_task_context(struct audit_buffer *ab) { - char *ctx = NULL; - unsigned len; int error; struct lsmblob blob; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext context; security_task_getsecid(current, &blob); if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &ctx, &len); + error = security_secid_to_secctx(&blob, &context); if (error) { if (error != -EINVAL) goto error_path; return 0; } - audit_log_format(ab, " subj=%s", ctx); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + audit_log_format(ab, " subj=%s", context.context); + security_release_secctx(&context); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index caa69696672e..3db1ec97720e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -998,9 +998,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmcxt; - char *ctx = NULL; - u32 len; + struct lsmcontext lsmctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1011,13 +1009,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &ctx, &len)) { + if (security_secid_to_secctx(blob, &lsmctx)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } audit_log_format(ab, " ocomm="); 
@@ -1230,7 +1227,6 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { - struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1254,17 +1250,15 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (osid) { - char *ctx = NULL; - u32 len; + struct lsmcontext lsmcxt; struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmcxt)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); + audit_log_format(ab, " obj=%s", lsmcxt.context); security_release_secctx(&lsmcxt); } } @@ -1411,20 +1405,17 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, MAJOR(n->rdev), MINOR(n->rdev)); if (n->osid != 0) { - char *ctx = NULL; - u32 len; struct lsmblob blob; - struct lsmcontext lsmcxt; + struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmctx)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index a7e4c1b34b6c..ae073b642fa7 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -132,8 +132,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen, secid; + u32 secid; int err; err = security_socket_getpeersec_dgram(NULL, skb, &secid); 
@@ -141,12 +140,11 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (err) return; - put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + put_cmsg(msg, SOL_IP, SCM_SECURITY, context.len, context.context); security_release_secctx(&context); } diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 6edb78c9cc87..f14c0049d7cc 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -336,8 +336,7 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct) static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) { struct nlattr *nest_secctx; - int len, ret; - char *secctx; + int ret; struct lsmblob blob; struct lsmcontext context; @@ -345,7 +344,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return 0; @@ -354,13 +353,12 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) if (!nest_secctx) goto nla_put_failure; - if (nla_put_string(skb, CTA_SECCTX_NAME, secctx)) + if (nla_put_string(skb, CTA_SECCTX_NAME, context.context)) goto nla_put_failure; nla_nest_end(skb, nest_secctx); ret = 0; nla_put_failure: - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); return ret; } 
@@ -660,15 +658,15 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) #ifdef CONFIG_NF_CONNTRACK_SECMARK int len, ret; struct lsmblob blob; + struct lsmcontext context; - /* lsmblob_init() puts ct->secmark into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, NULL, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return 0; + len = context.len; + security_release_secctx(&context); + return nla_total_size(0) /* CTA_SECCTX */ + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */ #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 5ee033a1f885..241089cb7e20 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -173,19 +173,16 @@ static void ct_seq_stop(struct seq_file *s, void *v) static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) { int ret; - u32 len; - char *secctx; struct lsmblob blob; struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return; - seq_printf(s, "secctx=%s ", secctx); + seq_printf(s, "secctx=%s ", context.context); - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); } #else diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 08ca87fa97b7..449c2c7c7b27 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -306,6 +306,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; + struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) return 0; 
@@ -317,10 +318,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, secdata, &seclen); + security_secid_to_secctx(&blob, &context); + *secdata = context.context; } read_unlock_bh(&skb->sk->sk_callback_lock); + seclen = context.len; #endif return seclen; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 32b6eea7ba0c..aa53a94115f4 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -375,8 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - char *secctx = NULL; - u32 secctx_len; struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && @@ -444,12 +442,9 @@ int netlbl_unlhsh_add(struct net *net, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, - &secctx, - &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + if (security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); @@ -482,8 +477,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); 
@@ -510,11 +503,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -553,8 +544,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); @@ -580,10 +569,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -1106,8 +1094,6 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct lsmcontext context; void *data; u32 secid; - char *secctx; - u32 secctx_len; struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, 
@@ -1167,15 +1153,13 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); + ret_val = security_secid_to_secctx(&blob, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, NLBL_UNLABEL_A_SECCTX, - secctx_len, - secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + context.len, + context.context); security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index ef139d8ae7cd..951ba0639d20 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -85,8 +85,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, { struct audit_buffer *audit_buf; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; if (audit_enabled == AUDIT_OFF) @@ -102,9 +100,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " subj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/security/security.c b/security/security.c index f1c1b387bc63..73fb5c6c4cf8 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2265,18 +2265,22 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) { struct security_hook_list *hp; int ilsm = lsm_task_ilsm(current); + memset(cp, 0, sizeof(*cp)); + hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + cp->slot = hp->lsmid->slot; return hp->hook.secid_to_secctx( blob->secid[hp->lsmid->slot], - secdata, seclen); + &cp->context, &cp->len); + } } return LSM_RET_DEFAULT(secid_to_secctx);
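Review bot: the net/netfilter/nf_conntrack_netlink.c hunk at @@ -660 (ctnetlink_secctx_size()) deletes `lsmblob_init(&blob, ct->secmark);` together with its comment but still passes `&blob` to security_secid_to_secctx(), so `blob` is now an uninitialised stack variable and the connection's secmark is never converted. The `lsmblob_init()` call has to stay, as it does in ctnetlink_dump_secctx() in the hunk above it; only the old length-only `security_secid_to_secctx(&blob, NULL, &len)` form should go.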
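Review bot: the success path in the drivers/android/binder.c hunk at @@ -2736 drops the old `secctx = NULL;` after `security_release_secctx(&lsmctx);`, while the error path in the hunk at @@ -3086 still tests `if (lsmctx.context)` and releases again. Because the error labels fall through, a failure that occurs after the copy reaches that check, so this is only correct if security_release_secctx() clears `cp->context` (its body is not part of this patch); either state that in the commit message or keep an explicit `lsmctx.context = NULL;` after the release.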
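Review bot: in the kernel/audit.c hunk at @@ -1440 the local becomes `int len = 0;`, but it is assigned from `context.len`, which is a `u32` (the same field is handed to the hook as its `u32 *seclen` argument in security/security.c), and is then used in `sizeof(*sig_data) + len`. Declaring it `u32 len = 0;` keeps the type of the `u32 len;` this hunk replaces and avoids the signed/unsigned mix.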
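Review bot: nfqnl_get_sk_secctx() in the net/netfilter/nfnetlink_queue.c hunks still hands back only `*secdata = context.context;` and `seclen = context.len;`, so `context.slot` is discarded and whoever frees the buffer has to rebuild an lsmcontext without knowing which LSM produced it, which is the scaffolding this series removes everywhere else. Consider having the function fill a `struct lsmcontext *` supplied by the caller so the matching security_release_secctx() sees the right slot.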
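Review bot: the CONFIG_SECURITY=n stub of security_secid_to_secctx() in the include/linux/security.h hunk returns -EOPNOTSUPP without touching `*cp`, whereas the real implementation in security/security.c begins with `memset(cp, 0, sizeof(*cp));`. Callers that ignore the return value and then test `context.context` (nfqnl_get_sk_secctx() in this patch) only work because they zero-initialise the struct themselves; zeroing `*cp` in the stub as well gives both variants the same contract.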
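Review bot: in the security/security.c hunk at @@ -2265, `cp->slot = hp->lsmid->slot;` is stored before the hook runs, so when the hook fails the caller is left with a valid-looking `slot` next to a NULL `context` and zero `len`. That is harmless for callers that check the return value, but since the function now owns the struct it would be cleaner to either set `slot` only on success or document that the contents are undefined on error.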
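Review bot: style point in the kernel/auditsc.c hunks: audit_log_pid_context() and audit_log_name() rename the local to `lsmctx`, while show_special() keeps `lsmcxt`; since the patch already touches all three declarations, one spelling would make the file easier to grep.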
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH v25 17/25] LSM: Use lsmcontext in security_inode_getsecctx
Date: Tue, 9 Mar 2021 06:42:35 -0800
Message-Id: <20210309144243.12519-18-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Change the security_inode_getsecctx() interface to fill an lsmcontext structure instead of data and length pointers. This provides the information about which LSM created the context so that security_release_secctx() can use the correct hook.

Acked-by: Stephen Smalley
Acked-by: Paul Moore
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
Cc: linux-nfs@vger.kernel.org
Acked-by: Chuck Lever
---
 fs/nfsd/nfs4xdr.c        | 23 +++++++++--------------
 include/linux/security.h |  5 +++--
 security/security.c      | 13 +++++++++++--
 3 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index afccc4f257d0..a796268ec757 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2727,11 +2727,11 @@ nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types) #ifdef CONFIG_NFSD_V4_SECURITY_LABEL static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { __be32 *p; - p = xdr_reserve_space(xdr, len + 4 + 4 + 4); + p = xdr_reserve_space(xdr, context->len + 4 + 4 + 4); if (!p) return nfserr_resource;
@@ -2741,13 +2741,13 @@ nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, */ *p++ = cpu_to_be32(0); /* lfs */ *p++ = cpu_to_be32(0); /* pi */ - p = xdr_encode_opaque(p, context, len); + p = xdr_encode_opaque(p, context->context, context->len); return 0; } #else static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { return 0; } #endif @@ -2844,9 +2844,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - struct lsmcontext scaff; /* scaffolding */ - void *context = NULL; - int contextlen; + struct lsmcontext context = { }; #endif bool contextsupport = false; struct nfsd4_compoundres *resp = rqstp->rq_resp; @@ -2904,7 +2902,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) { if (exp->ex_flags & NFSEXP_SECURITY_LABEL) err = security_inode_getsecctx(d_inode(dentry), - &context, &contextlen); + &context); else err = -EOPNOTSUPP; contextsupport = (err == 0); @@ -3324,8 +3322,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, #ifdef CONFIG_NFSD_V4_SECURITY_LABEL if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) { - status = nfsd4_encode_security_label(xdr, rqstp, context, - contextlen); + status = nfsd4_encode_security_label(xdr, rqstp, &context); if (status) goto out; } @@ -3346,10 +3343,8 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) { - lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ - security_release_secctx(&scaff); - } + if (context.context) + security_release_secctx(&context); #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index d0e1b6ba330d..9dcc910036f4 100644 --- a/include/linux/security.h 
+++ b/include/linux/security.h @@ -582,7 +582,7 @@ void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp); int security_locked_down(enum lockdown_reason what); #else /* CONFIG_SECURITY */ @@ -1442,7 +1442,8 @@ static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 { return -EOPNOTSUPP; } -static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +static inline int security_inode_getsecctx(struct inode *inode, + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/security/security.c b/security/security.c index 73fb5c6c4cf8..b88f916e0698 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2337,9 +2337,18 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) } EXPORT_SYMBOL(security_inode_setsecctx); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp) { - return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); + struct security_hook_list *hp; + + memset(cp, 0, sizeof(*cp)); + + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) { + cp->slot = hp->lsmid->slot; + return hp->hook.inode_getsecctx(inode, (void **)&cp->context, + &cp->len); + } + return -EOPNOTSUPP; } EXPORT_SYMBOL(security_inode_getsecctx);
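Review bot: the new loop in the security/security.c hunk at @@ -2337 returns from the first entry on `security_hook_heads.inode_getsecctx` unconditionally, so if more than one LSM registers the hook only the first one is ever consulted, and unlike security_secid_to_secctx() in the previous patch there is no `lsm_task_ilsm(current)` check selecting the task's interface LSM. If the intent is that exactly one LSM provides inode_getsecctx, a comment saying so would help; otherwise the same `ilsm` selection belongs here too.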
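Review bot: the CONFIG_SECURITY=n stub of security_inode_getsecctx() in the include/linux/security.h hunk at @@ -1442 returns -EOPNOTSUPP without clearing `*cp`, while the real implementation starts with `memset(cp, 0, sizeof(*cp));`. nfsd4_encode_fattr() is safe only because it declares `struct lsmcontext context = { };` and tests `context.context` at `out:`; mirroring the memset in the stub would keep that guarantee for callers that do not zero-initialise.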
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Pablo Neira Ayuso , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v25 18/25] LSM: security_secid_to_secctx in netlink netfilter Date: Tue, 9 Mar 2021 06:42:36 -0800 Message-Id: <20210309144243.12519-19-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Pablo Neira Ayuso Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org --- net/netfilter/nfnetlink_queue.c | 37 +++++++++++++-------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 449c2c7c7b27..56784592c820 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -301,15 +301,13 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk) return -1; } -static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) +static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) { - u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; - struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) - return 0; + return; read_lock_bh(&skb->sk->sk_callback_lock); 
@@ -318,14 +316,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, &context); - *secdata = context.context; + security_secid_to_secctx(&blob, context); } read_unlock_bh(&skb->sk->sk_callback_lock); - seclen = context.len; #endif - return seclen; + return; } static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry) @@ -398,12 +394,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, struct net_device *indev; struct net_device *outdev; struct nf_conn *ct = NULL; + struct lsmcontext context = { }; enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; - struct lsmcontext scaff; /* scaffolding */ - char *secdata = NULL; - u32 seclen = 0; size = nlmsg_total_size(sizeof(struct nfgenmsg)) + nla_total_size(sizeof(struct nfqnl_msg_packet_hdr)) @@ -471,9 +465,9 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) { - seclen = nfqnl_get_sk_secctx(entskb, &secdata); - if (seclen) - size += nla_total_size(seclen); + nfqnl_get_sk_secctx(entskb, &context); + if (context.len) + size += nla_total_size(context.len); } skb = alloc_skb(size, GFP_ATOMIC); @@ -606,7 +600,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, nfqnl_put_sk_uidgid(skb, entskb->sk) < 0) goto nla_put_failure; - if (seclen && nla_put(skb, NFQA_SECCTX, seclen, secdata)) + if (context.len && + nla_put(skb, NFQA_SECCTX, context.len, context.context)) goto nla_put_failure; if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0) 
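Review bot: in the @@ -318 hunk of nfqnl_get_sk_secctx the return value of security_secid_to_secctx(&blob, context) is still discarded, and nfqnl_build_packet_message now decides whether to nla_put the NFQA_SECCTX attribute and later call security_release_secctx solely on context.len, so correct behaviour on a failed conversion depends on every LSM leaving len at 0 when it fails. Checking the return and clearing *context on error would remove that dependency. The bare `return;` left before the closing brace of the now-void function is redundant and can be dropped.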
@@ -634,10 +629,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return skb; nla_put_failure: 
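Review bot: the release added here, `if (context.len) security_release_secctx(&context);`, is repeated verbatim on the nlmsg_failure path in the next hunk, exactly as the old lsmcontext_init/security_release_secctx scaffolding was. Since both the `return skb;` and the `return NULL;` exits need it, a single exit label that releases the context and then returns skb (NULL after kfree_skb on failure) would keep the two paths from drifting apart; this rewrite is the natural moment to fold them.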
@@ -645,10 +638,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return NULL; } From patchwork Tue Mar 9 14:42:37 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125713 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v25 19/25] NET: Store LSM netlabel data in a lsmblob Date: Tue, 9 Mar 2021 06:42:37 -0800 Message-Id: <20210309144243.12519-20-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Netlabel uses LSM interfaces requiring an lsmblob and the internal storage is used to pass information between these interfaces, so change the internal data from a secid to a lsmblob. Update the netlabel interfaces and their callers to accommodate the change. This requires that the modules using netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore
Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4/cipso_ipv4.c | 26 ++++++---- net/netlabel/netlabel_kapi.c | 6 +-- net/netlabel/netlabel_unlabeled.c | 79 +++++++++-------------------- net/netlabel/netlabel_unlabeled.h | 2 +- security/selinux/hooks.c | 2 +- security/selinux/include/security.h | 1 + security/selinux/netlabel.c | 2 +- security/selinux/ss/services.c | 4 +- security/smack/smack.h | 1 + security/smack/smack_access.c | 2 +- security/smack/smack_lsm.c | 11 ++-- security/smack/smackfs.c | 10 ++-- 13 files changed, 68 insertions(+), 86 deletions(-) diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 43ae50337685..73fc25b4042b 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -166,7 +166,7 @@ struct netlbl_lsm_catmap { * @attr.mls: MLS sensitivity label * @attr.mls.cat: MLS category bitmap * @attr.mls.lvl: MLS sensitivity level - * @attr.secid: LSM specific secid token + * @attr.lsmblob: LSM specific data * * Description: * This structure is used to pass security attributes between NetLabel and the @@ -201,7 +201,7 @@ struct netlbl_lsm_secattr { struct netlbl_lsm_catmap *cat; u32 lvl; } mls; - u32 secid; + struct lsmblob lsmblob; } attr; }; @@ -415,7 +415,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_cfg_unlbl_static_del(struct net *net, const char *dev_name, @@ -523,7 +523,7 @@ static inline int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { return -ENOSYS; diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 471d33a0d095..1ac343d02b58 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c 
@@ -106,15 +106,17 @@ int cipso_v4_rbm_strictvalid = 1; /* Base length of the local tag (non-standard tag). * Tag definition (may change between kernel versions) * - * 0 8 16 24 32 - * +----------+----------+----------+----------+ - * | 10000000 | 00000110 | 32-bit secid value | - * +----------+----------+----------+----------+ - * | in (host byte order)| - * +----------+----------+ - * + * 0 8 16 16 + sizeof(struct lsmblob) + * +----------+----------+---------------------+ + * | 10000000 | 00000110 | LSM blob data | + * +----------+----------+---------------------+ + * + * All secid and flag fields are in host byte order. + * The lsmblob structure size varies depending on which + * Linux security modules are built in the kernel. + * The data is opaque. */ -#define CIPSO_V4_TAG_LOC_BLEN 6 +#define CIPSO_V4_TAG_LOC_BLEN (2 + sizeof(struct lsmblob)) /* * Helper Functions @@ -1469,7 +1471,11 @@ static int cipso_v4_gentag_loc(const struct cipso_v4_doi *doi_def, buffer[0] = CIPSO_V4_TAG_LOCAL; buffer[1] = CIPSO_V4_TAG_LOC_BLEN; - *(u32 *)&buffer[2] = secattr->attr.secid; + /* Ensure that there is sufficient space in the CIPSO header + * for the LSM data. */ + BUILD_BUG_ON(CIPSO_V4_TAG_LOC_BLEN > CIPSO_V4_OPT_LEN_MAX); + memcpy(&buffer[2], &secattr->attr.lsmblob, + sizeof(secattr->attr.lsmblob)); return CIPSO_V4_TAG_LOC_BLEN; } @@ -1489,7 +1495,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def, const unsigned char *tag, struct netlbl_lsm_secattr *secattr) { - secattr->attr.secid = *(u32 *)&tag[2]; + memcpy(&secattr->attr.lsmblob, &tag[2], sizeof(secattr->attr.lsmblob)); secattr->flags |= NETLBL_SECATTR_SECID; return 0; diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 5e1239cef000..bbfaff539416 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c 
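Review bot: the rewritten tag diagram above CIPSO_V4_TAG_LOC_BLEN mixes units: the column headings 0, 8 and 16 are bit offsets, but the last heading reads `16 + sizeof(struct lsmblob)`, which adds a byte count to a bit offset. Either label the columns in bytes (0, 1, 2, 2 + sizeof(struct lsmblob)) or write 16 + 8 * sizeof(struct lsmblob). Separately, cipso_v4_parsetag_loc now memcpys sizeof(struct lsmblob) bytes starting at tag[2] without looking at the length byte in tag[1]; if local tags are not already length-checked before this point, a `tag[1] != CIPSO_V4_TAG_LOC_BLEN` check before the copy would be cheap insurance now that the tag body size depends on the kernel configuration rather than being a fixed four bytes.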
@@ -196,7 +196,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain, * @addr: IP address in network byte order (struct in[6]_addr) * @mask: address mask in network byte order (struct in[6]_addr) * @family: address family - * @secid: LSM secid value for the entry + * @lsmblob: LSM data value for the entry * @audit_info: NetLabel audit information * * Description: @@ -210,7 +210,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { u32 addr_len; @@ -230,7 +230,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, return netlbl_unlhsh_add(net, dev_name, addr, mask, addr_len, - secid, audit_info); + lsmblob, audit_info); } /** diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index aa53a94115f4..3befe0738d31 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -66,7 +66,7 @@ struct netlbl_unlhsh_tbl { #define netlbl_unlhsh_addr4_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr4, list) struct netlbl_unlhsh_addr4 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af4list list; struct rcu_head rcu; @@ -74,7 +74,7 @@ struct netlbl_unlhsh_addr4 { #define netlbl_unlhsh_addr6_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr6, list) struct netlbl_unlhsh_addr6 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af6list list; struct rcu_head rcu; @@ -220,7 +220,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) * @iface: the associated interface entry * @addr: IPv4 address in network byte order * @mask: IPv4 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the 
@@ -231,7 +231,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, const struct in_addr *addr, const struct in_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr4 *entry; @@ -243,7 +243,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, entry->list.addr = addr->s_addr & mask->s_addr; entry->list.mask = mask->s_addr; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af4list_add(&entry->list, &iface->addr4_list); @@ -260,7 +260,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, * @iface: the associated interface entry * @addr: IPv6 address in network byte order * @mask: IPv6 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the @@ -271,7 +271,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, const struct in6_addr *addr, const struct in6_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr6 *entry; @@ -287,7 +287,7 @@ static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, entry->list.addr.s6_addr32[3] &= mask->s6_addr32[3]; entry->list.mask = *mask; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af6list_add(&entry->list, &iface->addr6_list); @@ -366,7 +366,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { int ret_val; 
@@ -375,7 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -408,7 +407,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in_addr *addr4 = addr; const struct in_addr *mask4 = mask; - ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, secid); + ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, lsmblob); if (audit_buf != NULL) netlbl_af4list_audit_addr(audit_buf, 1, dev_name, @@ -421,7 +420,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in6_addr *addr6 = addr; const struct in6_addr *mask6 = mask; - ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, secid); + ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, lsmblob); if (audit_buf != NULL) netlbl_af6list_audit_addr(audit_buf, 1, dev_name, @@ -438,11 +437,7 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - /* lsmblob_init() puts secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -477,7 +472,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, 
@@ -497,13 +491,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, addr->s_addr, mask->s_addr); if (dev != NULL) dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -544,7 +533,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); @@ -563,13 +551,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, addr, mask); if (dev != NULL) dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); 
@@ -923,14 +906,8 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * - * instead of a u32 later in this patch set. security_secctx_to_secid() - * will only be setting one entry in the lsmblob struct, so it is - * safe to use lsmblob_value() to get that one value. */ - - return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, dev_name, addr, mask, addr_len, + &blob, &audit_info); } /** @@ -977,11 +954,8 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* security_secctx_to_secid() will only put one secid into the lsmblob - * so it's safe to use lsmblob_value() to get the secid. */ - return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, NULL, addr, mask, addr_len, &blob, + &audit_info); } /** @@ -1093,8 +1067,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct net_device *dev; struct lsmcontext context; void *data; - u32 secid; - struct lsmblob blob; + struct lsmblob *lsmb; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, @@ -1132,7 +1105,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr4->secid; + lsmb = (struct lsmblob *)&addr4->lsmblob; } else { ret_val = nla_put_in6_addr(cb_arg->skb, NLBL_UNLABEL_A_IPV6ADDR, 
@@ -1146,14 +1119,10 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr6->secid; + lsmb = (struct lsmblob *)&addr6->lsmblob; } - /* lsmblob_init() secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &context); + ret_val = security_secid_to_secctx(lsmb, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, @@ -1512,7 +1481,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr4_list); if (addr4 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr4_entry(addr4)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr4_entry(addr4)->lsmblob; break; } #if IS_ENABLED(CONFIG_IPV6) @@ -1525,7 +1494,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr6_list); if (addr6 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr6_entry(addr6)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr6_entry(addr6)->lsmblob; break; } #endif /* IPv6 */ diff --git a/net/netlabel/netlabel_unlabeled.h b/net/netlabel/netlabel_unlabeled.h index 058e3a285d56..168920780994 100644 --- a/net/netlabel/netlabel_unlabeled.h +++ b/net/netlabel/netlabel_unlabeled.h @@ -211,7 +211,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_unlhsh_remove(struct net *net, const char *dev_name, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3141ed8544de..5ed2164ea0e4 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
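Review bot: in the netlbl_unlabel_staticlist_gen hunks the assignments `lsmb = (struct lsmblob *)&addr4->lsmblob;` and its addr6 twin cast an expression that already has type struct lsmblob *; if the cast is there only to shed a const picked up from the entry pointer, it silently discards that qualifier before the pointer reaches security_secid_to_secctx. Either drop the casts or declare lsmb as const struct lsmblob * (and make the security_secid_to_secctx parameter const) so the compiler checks that the stored blob is not modified while the list is being dumped.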
@@ -7045,7 +7045,7 @@ static int selinux_perf_event_write(struct perf_event *event) } #endif -static struct lsm_id selinux_lsmid __lsm_ro_after_init = { +struct lsm_id selinux_lsmid __lsm_ro_after_init = { .lsm = "selinux", .slot = LSMBLOB_NEEDED }; diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 6fe25300b89d..76c251c49398 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -73,6 +73,7 @@ struct netlbl_lsm_secattr; extern int selinux_enabled_boot; +extern struct lsm_id selinux_lsmid; /* * type_datum properties diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 6a94b31b5472..d8d7603ab14e 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -108,7 +108,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( return NULL; if ((secattr->flags & NETLBL_SECATTR_SECID) && - (secattr->attr.secid == sid)) + (secattr->attr.lsmblob.secid[selinux_lsmid.slot] == sid)) return secattr; return NULL; diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 3438d0130378..c183492dd48f 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3785,7 +3785,7 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state, if (secattr->flags & NETLBL_SECATTR_CACHE) *sid = *(u32 *)secattr->cache->data; else if (secattr->flags & NETLBL_SECATTR_SECID) - *sid = secattr->attr.secid; + *sid = secattr->attr.lsmblob.secid[selinux_lsmid.slot]; else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) { rc = -EIDRM; ctx = sidtab_search(sidtab, SECINITSID_NETMSG); 
@@ -3861,7 +3861,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state, if (secattr->domain == NULL) goto out; - secattr->attr.secid = sid; + secattr->attr.lsmblob.secid[selinux_lsmid.slot] = sid; secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID; mls_export_netlbl_lvl(policydb, ctx, secattr); rc = mls_export_netlbl_cat(policydb, ctx, secattr); diff --git a/security/smack/smack.h b/security/smack/smack.h index 0f8d0feb89a4..b06fc332a1f9 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -303,6 +303,7 @@ int smack_populate_secattr(struct smack_known *skp); * Shared data. */ extern int smack_enabled; +extern struct lsm_id smack_lsmid; extern int smack_cipso_direct; extern int smack_cipso_mapped; extern struct smack_known *smack_net_ambient; diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 7eabb448acab..fccd5da3014e 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -522,7 +522,7 @@ int smack_populate_secattr(struct smack_known *skp) { int slen; - skp->smk_netlabel.attr.secid = skp->smk_secid; + skp->smk_netlabel.attr.lsmblob.secid[smack_lsmid.slot] = skp->smk_secid; skp->smk_netlabel.domain = skp->smk_known; skp->smk_netlabel.cache = netlbl_secattr_cache_alloc(GFP_ATOMIC); if (skp->smk_netlabel.cache != NULL) { diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 576f412b8616..1c14983f87c7 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -3723,11 +3723,12 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) return (struct smack_known *)sap->cache->data; + /* + * Looks like a fallback, which gives us a secid. + */ if ((sap->flags & NETLBL_SECATTR_SECID) != 0) - /* - * Looks like a fallback, which gives us a secid. - */ - return smack_from_secid(sap->attr.secid); + return smack_from_secid( + sap->attr.lsmblob.secid[smack_lsmid.slot]); if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { /* @@ -4703,7 +4704,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_sock = sizeof(struct socket_smack), }; -static struct lsm_id smack_lsmid __lsm_ro_after_init = { +struct lsm_id smack_lsmid __lsm_ro_after_init = { .lsm = "smack", .slot = LSMBLOB_NEEDED }; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 22ded2c26089..e592e10397af 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -1140,6 +1140,7 @@ static void smk_net4addr_insert(struct smk_net4addr *new) static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { + struct lsmblob lsmblob; struct smk_net4addr *snp; struct sockaddr_in newname; char *smack; 
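Review bot: the cast in `lsmb = (struct lsmblob *)&addr6->lsmblob;` in netlbl_unlabel_staticlist_gen() is redundant if the entry member is already a struct lsmblob, and it would mask a type mismatch if that member ever changed; take `&addr6->lsmblob` without the cast (and the same in the addr4 branch this hunk's context implies). Note also that lsmb now points into the hash entry instead of the stack copy the removed lsmblob_init() made, so security_secid_to_secctx(lsmb, &context) reads the entry's blob under whatever protects the list walk; a one-line comment saying this is intended would help the next reader.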
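Review bot: the new prototype `struct lsmblob *lsmblob,` for netlbl_unlhsh_add() in netlabel_unlabeled.h should be `const struct lsmblob *` unless the callee modifies the blob; the callers in this patch only want the blob copied into the new entry, and const makes that contract visible at every call site.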
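Review bot: `secattr->attr.lsmblob.secid[selinux_lsmid.slot]` is now spelled out in selinux_netlbl_sock_getattr(), security_netlbl_secattr_to_sid() and security_netlbl_sid_to_secattr(), with the Smack counterpart in smack_populate_secattr() and smack_from_secattr(); a small accessor that returns a secattr's secid for a given lsm_id would keep the slot arithmetic in one place and remove the need to turn selinux_lsmid and smack_lsmid from static into exported globals solely for their .slot field. The slot is LSMBLOB_NEEDED (-2) until the LSM core assigns it, so indexing with it before initialization is an out-of-bounds access; the new extern declarations should carry a comment saying when the value becomes valid.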
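Review bot: security_netlbl_sid_to_secattr() and smack_populate_secattr() now set only their own slot (`secattr->attr.lsmblob.secid[selinux_lsmid.slot] = sid;` and `skp->smk_netlabel.attr.lsmblob.secid[smack_lsmid.slot] = skp->smk_secid;`) where the old code overwrote the whole attr.secid. The other slots are therefore only clean if every caller zeroed the secattr first; if that is not guaranteed, initialize the blob before the assignment (the removed netlabel comment notes that lsmblob_init() writes every slot, so lsmblob_init(&secattr->attr.lsmblob, 0) followed by the slot store is the safe form), otherwise a stale secid could be handed to the other module through NETLBL_SECATTR_SECID.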
@@ -1271,10 +1272,13 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, * this host so that incoming packets get labeled. * but only if we didn't get the special CIPSO option */ - if (rc == 0 && skp != NULL) + if (rc == 0 && skp != NULL) { + lsmblob_init(&lsmblob, 0); + lsmblob.secid[smack_lsmid.slot] = snp->smk_label->smk_secid; rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, - &snp->smk_host, &snp->smk_mask, PF_INET, - snp->smk_label->smk_secid, &audit_info); + &snp->smk_host, &snp->smk_mask, PF_INET, &lsmblob, + &audit_info); + } if (rc == 0) rc = count; From patchwork Tue Mar 9 14:42:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125715 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56BF5C433E6 for ; Tue, 9 Mar 2021 15:06:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 185586526E for ; Tue, 9 Mar 2021 15:06:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231382AbhCIPF2 (ORCPT ); Tue, 9 Mar 2021 10:05:28 -0500 Received: from sonic317-38.consmr.mail.ne1.yahoo.com ([66.163.184.49]:43040 "EHLO sonic317-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231681AbhCIPFH (ORCPT ); Tue, 9 Mar 2021 10:05:07 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; 
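Review bot: in smk_write_net4addr() the sequence `lsmblob_init(&lsmblob, 0); lsmblob.secid[smack_lsmid.slot] = snp->smk_label->smk_secid;` deliberately leaves every other slot zero, which is right for a label only Smack understands, but the reason is not stated; a short comment would stop a later reader from "simplifying" it to lsmblob_init(&lsmblob, secid), which writes the secid into all slots. The `struct lsmblob lsmblob;` added at function scope in the earlier hunk is used only inside this `if (rc == 0 && skp != NULL) {` block, so declare it there to keep its scope tight.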
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v25 20/25] LSM: Verify LSM display sanity in binder
Date: Tue, 9 Mar 2021 06:42:38 -0800
Message-Id: <20210309144243.12519-21-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: X-Mailing-List: selinux@vger.kernel.org

Verify that the tasks on the ends of a binder transaction use the same "display" security module. This prevents confusion of security "contexts".

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
---
 security/security.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/security/security.c b/security/security.c
index b88f916e0698..5d3dad5f800f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -834,9 +834,38 @@ int security_binder_set_context_mgr(struct task_struct *mgr) return call_int_hook(binder_set_context_mgr, 0, mgr); } +/** + * security_binder_transaction - Binder driver transaction check + * @from: source of the transaction + * @to: destination of the transaction + * + * Verify that the tasks have the same LSM "display", then + * call the security module hooks. + * + * Returns -EINVAL if the displays don't match, or the + * result of the security module checks. + */ int security_binder_transaction(struct task_struct *from, struct task_struct *to) { + int from_ilsm = lsm_task_ilsm(from); + int to_ilsm = lsm_task_ilsm(to); + + /* + * If the ilsm is LSMBLOB_INVALID the first module that has + * an entry is used. This will be in the 0 slot. + * + * This is currently only required if the server has requested + * peer contexts, but it would be unwieldly to have too much of + * the binder driver detail here. + */ + if (from_ilsm == LSMBLOB_INVALID) + from_ilsm = 0; + if (to_ilsm == LSMBLOB_INVALID) + to_ilsm = 0; + if (from_ilsm != to_ilsm) + return -EINVAL; + return call_int_hook(binder_transaction, 0, from, to); } From patchwork Tue Mar 9 14:42:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125717 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F289DC433E6 for ; Tue, 9 Mar 2021 15:07:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org 
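Review bot: the display comparison in security_binder_transaction() runs before call_int_hook(), so two tasks with different displays get -EINVAL on every transaction, including the ones where no module asked for peer contexts; the in-code comment admits this is broader than strictly required, and because it is user-visible for any task that changes its display the commit message should spell that consequence out. The LSMBLOB_INVALID fallback to slot 0 is open-coded twice (`from_ilsm = 0;` and `to_ilsm = 0;`); a named constant or a helper returning the effective display would state the "first slot" rule once. Two nits in the new comments: "unwieldly" should be "unwieldy", and kernel-doc expects a "Return:" section rather than "Returns -EINVAL if the displays don't match".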
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Richard Guy Briggs
Subject: [PATCH v25 21/25] audit: add support for non-syscall auxiliary records
Date: Tue, 9 Mar 2021 06:42:39 -0800
Message-Id: <20210309144243.12519-22-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: X-Mailing-List: selinux@vger.kernel.org

Standalone audit records have the timestamp and serial number generated on the fly and as such are unique, making them standalone. This new function audit_alloc_local() generates a local audit context that will be used only for a standalone record and its auxiliary record(s). The context is discarded immediately after the local associated records are produced.

Signed-off-by: Richard Guy Briggs
Signed-off-by: Casey Schaufler
Cc: linux-audit@redhat.com
To: Richard Guy Briggs
Reported-by: kernel test robot
---
 include/linux/audit.h |  8 ++++++++
 kernel/audit.h        |  1 +
 kernel/auditsc.c      | 33 ++++++++++++++++++++++++++++-----
 3 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 418a485af114..97cd7471e572 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -289,6 +289,8 @@ static inline int audit_signal_info(int sig, struct task_struct *t) /* Public API */ extern int audit_alloc(struct task_struct *task); extern void __audit_free(struct task_struct *task); +extern struct audit_context *audit_alloc_local(gfp_t gfpflags); +extern void audit_free_context(struct audit_context *context); extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3); extern void __audit_syscall_exit(int ret_success, long ret_value); @@ -552,6 +554,12 @@ static inline void audit_log_nfcfg(const char *name, u8 af, extern int audit_n_rules; extern int audit_signals; #else /* CONFIG_AUDITSYSCALL */ ++static inline struct audit_context *audit_alloc_local(gfp_t gfpflags) +{ + return NULL; +} +static inline void audit_free_context(struct audit_context *context) +{ } static inline int audit_alloc(struct task_struct *task) { return 0; diff --git a/kernel/audit.h b/kernel/audit.h index ce41886807bb..3f2285e1c6e0 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -99,6 +99,7 @@ struct audit_proctitle { struct audit_context { int dummy; /* must be the first element */ int in_syscall; /* 1 if task is in a syscall */ + bool local; /* local context needed */ enum audit_state state, current_state; unsigned int serial; /* serial number for record */ int major; /* syscall number */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 3db1ec97720e..8994d4f4672e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
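Review bot: the stub added under `#else /* CONFIG_AUDITSYSCALL */` reads `++static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)`, so the source line itself starts with a literal `+` and the header will not compile with CONFIG_AUDITSYSCALL disabled; the diffstat's eight insertions for include/linux/audit.h include this line, so it is in the patch rather than a rendering artifact. Drop the stray `+`. The new field `bool local; /* local context needed */` in struct audit_context also needs a comment that says what it means; "standalone record not tied to a syscall" is the property the auditsc_get_stamp() change in this patch relies on.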
@@ -927,11 +927,13 @@ static inline void audit_free_aux(struct audit_context *context) } } -static inline struct audit_context *audit_alloc_context(enum audit_state state) +static inline struct audit_context *audit_alloc_context(enum audit_state state, + gfp_t gfpflags) { struct audit_context *context; - context = kzalloc(sizeof(*context), GFP_KERNEL); + /* We can be called in atomic context via audit_tg() */ + context = kzalloc(sizeof(*context), gfpflags); if (!context) return NULL; context->state = state; @@ -967,7 +969,8 @@ int audit_alloc(struct task_struct *tsk) return 0; } - if (!(context = audit_alloc_context(state))) { + context = audit_alloc_context(state, GFP_KERNEL); + if (!context) { kfree(key); audit_log_lost("out of memory in audit_alloc"); return -ENOMEM; @@ -979,8 +982,27 @@ int audit_alloc(struct task_struct *tsk) return 0; } -static inline void audit_free_context(struct audit_context *context) +struct audit_context *audit_alloc_local(gfp_t gfpflags) { + struct audit_context *context = NULL; + + context = audit_alloc_context(AUDIT_RECORD_CONTEXT, gfpflags); + if (!context) { + audit_log_lost("out of memory in audit_alloc_local"); + goto out; + } + context->serial = audit_serial(); + ktime_get_coarse_real_ts64(&context->ctime); + context->local = true; +out: + return context; +} +EXPORT_SYMBOL(audit_alloc_local); + +void audit_free_context(struct audit_context *context) +{ + if (!context) + return; audit_free_module(context); audit_free_names(context); unroll_tree_refs(context, NULL, 0); @@ -991,6 +1013,7 @@ static inline void audit_free_context(struct audit_context *context) audit_proctitle_free(context); kfree(context); } +EXPORT_SYMBOL(audit_free_context); static int audit_log_pid_context(struct audit_context *context, pid_t pid, kuid_t auid, kuid_t uid, 
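Review bot: the new exports use EXPORT_SYMBOL() for audit_alloc_local() and audit_free_context(), whereas the existing export in this file is EXPORT_SYMBOL_GPL(__audit_inode_child); unless there is a reason to open the local-context API to non-GPL modules, use EXPORT_SYMBOL_GPL() for consistency. In audit_alloc_local() the `= NULL` initializer and the `goto out` are dead weight, since context is assigned on the next line and `out:` only returns; and the comment "We can be called in atomic context via audit_tg()" belongs on audit_alloc_local(), the entry point atomic callers actually use, together with a note that gfpflags must then be GFP_ATOMIC.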
@@ -2214,7 +2237,7 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); int auditsc_get_stamp(struct audit_context *ctx, struct timespec64 *t, unsigned int *serial) { - if (!ctx->in_syscall) + if (!ctx->in_syscall && !ctx->local) return 0; if (!ctx->serial) ctx->serial = audit_serial(); From patchwork Tue Mar 9 14:42:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125751 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3FFCAC433DB for ; Tue, 9 Mar 2021 15:08:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 08C6865279 for ; Tue, 9 Mar 2021 15:08:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231320AbhCIPHj (ORCPT ); Tue, 9 Mar 2021 10:07:39 -0500 Received: from sonic317-38.consmr.mail.ne1.yahoo.com ([66.163.184.49]:41284 "EHLO sonic317-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231794AbhCIPHX (ORCPT ); Tue, 9 Mar 2021 10:07:23 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1615302443; bh=esAQAoXZfvjd6ECOL56+RGZQx19F3N77suJWS92jbT4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH v25 22/25] Audit: Add new record for multiple process LSM attributes
Date: Tue, 9 Mar 2021 06:42:40 -0800
Message-Id: <20210309144243.12519-23-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: X-Mailing-List: selinux@vger.kernel.org

Create a new audit record type to contain the subject information when there are multiple security modules that require such data. This record is linked with the same timestamp and serial number using the audit_alloc_local() mechanism. The record is produced only in cases where there is more than one security module with a process "context". In cases where this record is produced the subj= fields of other records in the audit event will be set to "subj=?".

An example of the MAC_TASK_CONTEXTS (1420) record is:

  type=UNKNOWN[1420] msg=audit(1600880931.832:113) subj_apparmor==unconfined subj_smack=_

There will be a subj_$LSM= entry for each security module LSM that supports the secid_to_secctx and secctx_to_secid hooks. The BPF security module implements secid/secctx translation hooks, so it has to be considered to provide a secctx even though it may not actually do so.
Signed-off-by: Casey Schaufler To: paul@paul-moore.com To: linux-audit@redhat.com To: rgb@redhat.com Cc: netdev@vger.kernel.org Reported-by: kernel test robot Reported-by: kernel test robot --- drivers/android/binder.c | 2 +- include/linux/audit.h | 24 ++++++++ include/linux/security.h | 16 ++++- include/net/netlabel.h | 3 +- include/net/scm.h | 2 +- include/net/xfrm.h | 13 +++- include/uapi/linux/audit.h | 1 + kernel/audit.c | 80 ++++++++++++++++++------- kernel/audit.h | 3 + kernel/auditfilter.c | 6 +- kernel/auditsc.c | 75 ++++++++++++++++++++--- net/ipv4/ip_sockglue.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 4 +- net/netfilter/nf_conntrack_standalone.c | 2 +- net/netfilter/nfnetlink_queue.c | 2 +- net/netlabel/netlabel_domainhash.c | 4 +- net/netlabel/netlabel_unlabeled.c | 24 ++++---- net/netlabel/netlabel_user.c | 20 ++++--- net/netlabel/netlabel_user.h | 6 +- net/xfrm/xfrm_policy.c | 10 ++-- net/xfrm/xfrm_state.c | 20 ++++--- security/integrity/ima/ima_api.c | 7 ++- security/integrity/integrity_audit.c | 6 +- security/security.c | 46 +++++++++----- security/smack/smackfs.c | 3 +- 25 files changed, 274 insertions(+), 107 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 4c810ea52ab7..28f573d46391 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2700,7 +2700,7 @@ static void binder_transaction(struct binder_proc *proc, size_t added_size; security_task_getsecid(proc->tsk, &blob); - ret = security_secid_to_secctx(&blob, &lsmctx); + ret = security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_DISPLAY); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; diff --git a/include/linux/audit.h b/include/linux/audit.h index 97cd7471e572..229cd71fbf09 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h 
@@ -164,6 +164,8 @@ extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp extern __printf(2, 3) void audit_log_format(struct audit_buffer *ab, const char *fmt, ...); extern void audit_log_end(struct audit_buffer *ab); +extern void audit_log_end_local(struct audit_buffer *ab, + struct audit_context *context); extern bool audit_string_contains_control(const char *string, size_t len); extern void audit_log_n_hex(struct audit_buffer *ab, @@ -188,6 +190,7 @@ extern void audit_log_lost(const char *message); extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab); +extern void audit_log_lsm(struct audit_context *context); extern int audit_update_lsm_rules(void); @@ -226,6 +229,9 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) { } static inline void audit_log_end(struct audit_buffer *ab) { } +static inline void audit_log_end_local(struct audit_buffer *ab, + struct audit_context *context) +{ } static inline void audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len) { } @@ -252,6 +258,8 @@ static inline int audit_log_task_context(struct audit_buffer *ab) } static inline void audit_log_task_info(struct audit_buffer *ab) { } +static void audit_log_lsm(struct audit_context *context) +{ } static inline kuid_t audit_get_loginuid(struct task_struct *tsk) { @@ -291,6 +299,7 @@ extern int audit_alloc(struct task_struct *task); extern void __audit_free(struct task_struct *task); extern struct audit_context *audit_alloc_local(gfp_t gfpflags); extern void audit_free_context(struct audit_context *context); +extern void audit_free_local(struct audit_context *context); extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3); extern void __audit_syscall_exit(int ret_success, long ret_value); 
@@ -386,6 +395,19 @@ static inline void audit_ptrace(struct task_struct *t) __audit_ptrace(t); } +static inline struct audit_context *audit_alloc_for_lsm(gfp_t gfp) +{ + struct audit_context *context = audit_context(); + + if (context) + return context; + + if (lsm_multiple_contexts()) + return audit_alloc_local(gfp); + + return NULL; +} + /* Private API (for audit.c only) */ extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); @@ -560,6 +582,8 @@ extern int audit_signals; } static inline void audit_free_context(struct audit_context *context) { } +static inline void audit_free_local(struct audit_context *context) +{ } static inline int audit_alloc(struct task_struct *task) { return 0; diff --git a/include/linux/security.h b/include/linux/security.h index 9dcc910036f4..d2fcbc20d764 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -182,6 +182,8 @@ struct lsmblob { #define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ #define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ #define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ +#define LSMBLOB_DISPLAY -4 /* Use the "display" slot */ +#define LSMBLOB_FIRST -5 /* Use the default "display" slot */ /** * lsmblob_init - initialize an lsmblob structure @@ -248,6 +250,15 @@ static inline u32 lsmblob_value(const struct lsmblob *blob) return 0; } +static inline bool lsm_multiple_contexts(void) +{ +#ifdef CONFIG_SECURITY + return lsm_slot_to_name(1) != NULL; +#else + return false; +#endif +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); 
@@ -575,7 +586,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int display); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1414,7 +1426,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - struct lsmcontext *cp) + struct lsmcontext *cp, int display) { return -EOPNOTSUPP; } diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 73fc25b4042b..9bc1f969a25d 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -97,7 +97,8 @@ struct calipso_doi; /* NetLabel audit information */ struct netlbl_audit { - u32 secid; + struct audit_context *localcontext; + struct lsmblob lsmdata; kuid_t loginuid; unsigned int sessionid; }; diff --git a/include/net/scm.h b/include/net/scm.h index b77a52f93389..f4d567d4885e 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -101,7 +101,7 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, diff --git a/include/net/xfrm.h b/include/net/xfrm.h index b2a06f10b62c..bfe3ba2a5233 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h 
@@ -669,13 +669,22 @@ struct xfrm_spi_skb_cb { #define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0])) #ifdef CONFIG_AUDITSYSCALL -static inline struct audit_buffer *xfrm_audit_start(const char *op) +static inline struct audit_buffer *xfrm_audit_start(const char *op, + struct audit_context **lac) { + struct audit_context *context; struct audit_buffer *audit_buf = NULL; if (audit_enabled == AUDIT_OFF) return NULL; - audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, + context = audit_context(); + if (lac != NULL) { + if (lsm_multiple_contexts() && context == NULL) + context = audit_alloc_local(GFP_ATOMIC); + *lac = context; + } + + audit_buf = audit_log_start(context, GFP_ATOMIC, AUDIT_MAC_IPSEC_EVENT); if (audit_buf == NULL) return NULL; diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index cd2d8279a5e4..2a63720e56f6 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -139,6 +139,7 @@ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ +#define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index a8dc5f55cfa3..5b29a350df78 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -386,10 +386,12 @@ void audit_log_lost(const char *message) static int audit_log_config_change(char *function_name, u32 new, u32 old, int allow_changes) { + struct audit_context *context; struct audit_buffer *ab; int rc = 0; - ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_CONFIG_CHANGE); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_CONFIG_CHANGE); if (unlikely(!ab)) return rc; audit_log_format(ab, "op=set %s=%u old=%u ", function_name, new, old); 
@@ -398,7 +400,7 @@ static int audit_log_config_change(char *function_name, u32 new, u32 old, if (rc) allow_changes = 0; /* Something weird, deny request */ audit_log_format(ab, " res=%d", allow_changes); - audit_log_end(ab); + audit_log_end_local(ab, context); return rc; } @@ -1072,12 +1074,6 @@ static void audit_log_common_recv_msg(struct audit_context *context, audit_log_task_context(*ab); } -static inline void audit_log_user_recv_msg(struct audit_buffer **ab, - u16 msg_type) -{ - audit_log_common_recv_msg(NULL, ab, msg_type); -} - int is_audit_feature_set(int i) { return af.features & AUDIT_FEATURE_TO_MASK(i); @@ -1110,6 +1106,7 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature audit_log_format(ab, " feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d", audit_feature_names[which], !!old_feature, !!new_feature, !!old_lock, !!new_lock, res); + audit_log_lsm(ab->ctx); audit_log_end(ab); } @@ -1190,6 +1187,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_buffer *ab; u16 msg_type = nlh->nlmsg_type; struct audit_sig_info *sig_data; + struct audit_context *lcontext; err = audit_netlink_ok(skb, msg_type); if (err) @@ -1357,7 +1355,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (err) break; } - audit_log_user_recv_msg(&ab, msg_type); + lcontext = audit_alloc_for_lsm(GFP_KERNEL); + audit_log_common_recv_msg(lcontext, &ab, msg_type); if (msg_type != AUDIT_USER_TTY) { /* ensure NULL termination */ str[data_len - 1] = '\0'; @@ -1370,7 +1369,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) data_len--; audit_log_n_untrustedstring(ab, str, data_len); } - audit_log_end(ab); + audit_log_end_local(ab, lcontext); } break; case AUDIT_ADD_RULE: 
@@ -1378,13 +1377,14 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (data_len < sizeof(struct audit_rule_data)) return -EINVAL; if (audit_enabled == AUDIT_LOCKED) { - audit_log_common_recv_msg(audit_context(), &ab, + lcontext = audit_alloc_for_lsm(GFP_KERNEL); + audit_log_common_recv_msg(lcontext, &ab, AUDIT_CONFIG_CHANGE); audit_log_format(ab, " op=%s audit_enabled=%d res=0", msg_type == AUDIT_ADD_RULE ? "add_rule" : "remove_rule", audit_enabled); - audit_log_end(ab); + audit_log_end_local(ab, lcontext); return -EPERM; } err = audit_rule_change(msg_type, seq, data, data_len); @@ -1394,10 +1394,10 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) break; case AUDIT_TRIM: audit_trim_trees(); - audit_log_common_recv_msg(audit_context(), &ab, - AUDIT_CONFIG_CHANGE); + lcontext = audit_alloc_for_lsm(GFP_KERNEL); + audit_log_common_recv_msg(lcontext, &ab, AUDIT_CONFIG_CHANGE); audit_log_format(ab, " op=trim res=1"); - audit_log_end(ab); + audit_log_end_local(ab, lcontext); break; case AUDIT_MAKE_EQUIV: { void *bufp = data; @@ -1425,6 +1425,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) /* OK, here comes... */ err = audit_tag_tree(old, new); + lcontext = audit_alloc_for_lsm(GFP_KERNEL); audit_log_common_recv_msg(audit_context(), &ab, AUDIT_CONFIG_CHANGE); audit_log_format(ab, " op=make_equiv old="); @@ -1432,7 +1433,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) audit_log_format(ab, " new="); audit_log_untrustedstring(ab, new); audit_log_format(ab, " res=%d", !err); - audit_log_end(ab); + audit_log_end_local(ab, lcontext); kfree(old); kfree(new); break; @@ -1443,7 +1444,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (lsmblob_is_set(&audit_sig_lsm)) { err = security_secid_to_secctx(&audit_sig_lsm, - &context); + &context, LSMBLOB_FIRST); if (err) return err; } 
@@ -1498,13 +1499,14 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) old.enabled = t & AUDIT_TTY_ENABLE; old.log_passwd = !!(t & AUDIT_TTY_LOG_PASSWD); + lcontext = audit_alloc_for_lsm(GFP_KERNEL); audit_log_common_recv_msg(audit_context(), &ab, AUDIT_CONFIG_CHANGE); audit_log_format(ab, " op=tty_set old-enabled=%d new-enabled=%d" " old-log_passwd=%d new-log_passwd=%d res=%d", old.enabled, s.enabled, old.log_passwd, s.log_passwd, !err); - audit_log_end(ab); + audit_log_end_local(ab, lcontext); break; } default: @@ -1550,6 +1552,7 @@ static void audit_receive(struct sk_buff *skb) /* Log information about who is connecting to the audit multicast socket */ static void audit_log_multicast(int group, const char *op, int err) { + struct audit_context *context; const struct cred *cred; struct tty_struct *tty; char comm[sizeof(current->comm)]; @@ -1558,7 +1561,8 @@ static void audit_log_multicast(int group, const char *op, int err) if (!audit_enabled) return; - ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_EVENT_LISTENER); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_EVENT_LISTENER); if (!ab) return; @@ -1576,7 +1580,7 @@ static void audit_log_multicast(int group, const char *op, int err) audit_log_untrustedstring(ab, get_task_comm(comm, current)); audit_log_d_path_exe(ab, current->mm); /* exe= */ audit_log_format(ab, " nl-mcgrp=%d op=%s res=%d", group, op, !err); - audit_log_end(ab); + audit_log_end_local(ab, context); } /* Run custom bind function on netlink socket group connect or bind requests. */ 
@@ -2138,7 +2142,19 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context); + /* + * If there is more than one security module that has a + * subject "context" it's necessary to put the subject data + * into a separate record to maintain compatibility. + */ + if (lsm_multiple_contexts()) { + if (ab->ctx) + ab->ctx->lsm = blob; + audit_log_format(ab, " subj=?"); + return 0; + } + + error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); if (error) { if (error != -EINVAL) goto error_path; @@ -2224,6 +2240,7 @@ void audit_log_task_info(struct audit_buffer *ab) audit_log_untrustedstring(ab, get_task_comm(comm, current)); audit_log_d_path_exe(ab, current->mm); audit_log_task_context(ab); + audit_log_lsm(ab->ctx); } EXPORT_SYMBOL(audit_log_task_info); @@ -2274,6 +2291,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, unsigned int oldsessionid, unsigned int sessionid, int rc) { + struct audit_context *context; struct audit_buffer *ab; uid_t uid, oldloginuid, loginuid; struct tty_struct *tty; @@ -2281,7 +2299,8 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, if (!audit_enabled) return; - ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_LOGIN); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_LOGIN); if (!ab) return; @@ -2296,7 +2315,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, oldloginuid, loginuid, tty ? tty_name(tty) : "(none)", oldsessionid, sessionid, !rc); audit_put_tty(tty); - audit_log_end(ab); + audit_log_end_local(ab, context); } /** 
@@ -2396,6 +2415,21 @@ void audit_log_end(struct audit_buffer *ab) audit_buffer_free(ab); } +/** + * audit_log_end_local - end one audit record with local context + * @ab: the audit_buffer + * @context: the local context + * + * Emit an LSM context record if appropriate, then end the audit event + * in the usual way. + */ +void audit_log_end_local(struct audit_buffer *ab, struct audit_context *context) +{ + audit_log_end(ab); + audit_log_lsm_common(context); + audit_free_local(context); +} + /** * audit_log - Log an audit record * @ctx: audit context diff --git a/kernel/audit.h b/kernel/audit.h index 3f2285e1c6e0..4f245c3dac0c 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -100,6 +100,7 @@ struct audit_context { int dummy; /* must be the first element */ int in_syscall; /* 1 if task is in a syscall */ bool local; /* local context needed */ + bool lsmdone; /* multiple security reported */ enum audit_state state, current_state; unsigned int serial; /* serial number for record */ int major; /* syscall number */ @@ -131,6 +132,7 @@ struct audit_context { kgid_t gid, egid, sgid, fsgid; unsigned long personality; int arch; + struct lsmblob lsm; pid_t target_pid; kuid_t target_auid; @@ -201,6 +203,7 @@ struct audit_context { extern bool audit_ever_enabled; extern void audit_log_session_info(struct audit_buffer *ab); +extern void audit_log_lsm_common(struct audit_context *context); extern int auditd_test_task(struct task_struct *task); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 9e73a7961665..2b0a6fda767d 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c 
@@ -1098,12 +1098,14 @@ static void audit_list_rules(int seq, struct sk_buff_head *q) /* Log rule additions and removals */ static void audit_log_rule_change(char *action, struct audit_krule *rule, int res) { + struct audit_context *context; struct audit_buffer *ab; if (!audit_enabled) return; - ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_CONFIG_CHANGE); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_CONFIG_CHANGE); if (!ab) return; audit_log_session_info(ab); @@ -1111,7 +1113,7 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re audit_log_format(ab, " op=%s", action); audit_log_key(ab, rule->filterkey); audit_log_format(ab, " list=%d res=%d", rule->listnr, res); - audit_log_end(ab); + audit_log_end_local(ab, context); } /** diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 8994d4f4672e..4d0f3fa0bcb0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -942,6 +942,7 @@ static inline struct audit_context *audit_alloc_context(enum audit_state state, INIT_LIST_HEAD(&context->names_list); context->fds[0] = -1; context->return_valid = AUDITSC_INVALID; + context->lsmdone = false; return context; } @@ -989,12 +990,11 @@ struct audit_context *audit_alloc_local(gfp_t gfpflags) context = audit_alloc_context(AUDIT_RECORD_CONTEXT, gfpflags); if (!context) { audit_log_lost("out of memory in audit_alloc_local"); - goto out; + return NULL; } context->serial = audit_serial(); ktime_get_coarse_real_ts64(&context->ctime); context->local = true; -out: return context; } EXPORT_SYMBOL(audit_alloc_local); 
@@ -1015,6 +1015,13 @@ void audit_free_context(struct audit_context *context) } EXPORT_SYMBOL(audit_free_context); +void audit_free_local(struct audit_context *context) +{ + if (context && context->local) + audit_free_context(context); +} +EXPORT_SYMBOL(audit_free_local); + static int audit_log_pid_context(struct audit_context *context, pid_t pid, kuid_t auid, kuid_t uid, unsigned int sessionid, @@ -1032,7 +1039,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx)) { + if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1277,7 +1284,8 @@ static void show_special(struct audit_context *context, int *call_panic) struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt)) { + if (security_secid_to_secctx(&blob, &lsmcxt, + LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { @@ -1432,7 +1440,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx)) { + if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; 
@@ -1506,6 +1514,47 @@ static void audit_log_proctitle(void) audit_log_end(ab); } +void audit_log_lsm_common(struct audit_context *context) +{ + struct audit_buffer *ab; + struct lsmcontext lsmdata; + bool sep = false; + int error; + int i; + + if (!lsm_multiple_contexts() || context == NULL || + !lsmblob_is_set(&context->lsm)) + return; + + ab = audit_log_start(context, GFP_ATOMIC, AUDIT_MAC_TASK_CONTEXTS); + if (!ab) + return; /* audit_panic or being filtered */ + + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (context->lsm.secid[i] == 0) + continue; + error = security_secid_to_secctx(&context->lsm, &lsmdata, i); + if (error && error != -EINVAL) { + audit_panic("error in audit_log_lsm"); + return; + } + + audit_log_format(ab, "%ssubj_%s=%s", sep ? " " : "", + lsm_slot_to_name(i), lsmdata.context); + sep = true; + + security_release_secctx(&lsmdata); + } + audit_log_end(ab); + context->lsmdone = true; +} + +void audit_log_lsm(struct audit_context *context) +{ + if (!context->lsmdone) + audit_log_lsm_common(context); +} + static void audit_log_exit(void) { int i, call_panic = 0; @@ -1540,6 +1589,8 @@ static void audit_log_exit(void) audit_log_key(ab, context->filterkey); audit_log_end(ab); + audit_log_lsm(context); + for (aux = context->aux; aux; aux = aux->next) { ab = audit_log_start(context, GFP_KERNEL, aux->type); @@ -1630,6 +1681,8 @@ static void audit_log_exit(void) audit_log_proctitle(); + audit_log_lsm(context); + /* Send end of event record to help user space know we are finished */ ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); if (ab) 
@@ -2622,10 +2675,12 @@ void __audit_ntp_log(const struct audit_ntp_data *ad) void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, enum audit_nfcfgop op, gfp_t gfp) { + struct audit_context *context; struct audit_buffer *ab; char comm[sizeof(current->comm)]; - ab = audit_log_start(audit_context(), gfp, AUDIT_NETFILTER_CFG); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, gfp, AUDIT_NETFILTER_CFG); if (!ab) return; audit_log_format(ab, "table=%s family=%u entries=%u op=%s", @@ -2635,7 +2690,7 @@ void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries, audit_log_task_context(ab); /* subj= */ audit_log_format(ab, " comm="); audit_log_untrustedstring(ab, get_task_comm(comm, current)); - audit_log_end(ab); + audit_log_end_local(ab, context); } EXPORT_SYMBOL_GPL(__audit_log_nfcfg); @@ -2670,6 +2725,7 @@ static void audit_log_task(struct audit_buffer *ab) */ void audit_core_dumps(long signr) { + struct audit_context *context; struct audit_buffer *ab; if (!audit_enabled) @@ -2678,12 +2734,13 @@ void audit_core_dumps(long signr) if (signr == SIGQUIT) /* don't care for those */ return; - ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_ANOM_ABEND); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_ANOM_ABEND); if (unlikely(!ab)) return; audit_log_task(ab); audit_log_format(ab, " sig=%ld res=1", signr); - audit_log_end(ab); + audit_log_end_local(ab, context); } /** diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index ae073b642fa7..5c0029a3a595 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -140,7 +140,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (err) return; 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index f14c0049d7cc..21d250ef81b4 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -344,7 +344,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return 0; @@ -660,7 +660,7 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) struct lsmblob blob; struct lsmcontext context; - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 241089cb7e20..b53ef27b57fe 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -177,7 +177,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 56784592c820..cb4d02199fdb 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -316,7 +316,7 @@ static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, context); + security_secid_to_secctx(&blob, context, LSMBLOB_DISPLAY); } read_unlock_bh(&skb->sk->sk_callback_lock); 
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c index dc8c39f51f7d..2690a528d262 100644 --- a/net/netlabel/netlabel_domainhash.c +++ b/net/netlabel/netlabel_domainhash.c @@ -259,7 +259,7 @@ static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry, break; } audit_log_format(audit_buf, " res=%u", result == 0 ? 1 : 0); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } } @@ -614,7 +614,7 @@ int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry, audit_log_format(audit_buf, " nlbl_domain=%s res=1", entry->domain ? entry->domain : "(default)"); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } switch (entry->def.type) { diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 3befe0738d31..ff5901113a27 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -437,13 +437,14 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(lsmblob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } return ret_val; } 
@@ -492,13 +493,14 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, if (dev != NULL) dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } if (entry == NULL) @@ -552,13 +554,14 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, if (dev != NULL) dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } if (entry == NULL) @@ -741,7 +744,7 @@ static void netlbl_unlabel_acceptflg_set(u8 value, if (audit_buf != NULL) { audit_log_format(audit_buf, " unlbl_accept=%u old=%u", value, old_val); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, audit_info->localcontext); } } @@ -1122,7 +1125,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, lsmb = (struct lsmblob *)&addr6->lsmblob; } - ret_val = security_secid_to_secctx(lsmb, &context); + ret_val = security_secid_to_secctx(lsmb, &context, LSMBLOB_FIRST); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, 
@@ -1528,14 +1531,11 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; - struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid(current, &blob); - /* scaffolding until audit_info.secid is converted */ - audit_info.secid = blob.secid[0]; + security_task_getsecid(current, &audit_info.lsmdata); audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 951ba0639d20..90a18b245380 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -83,14 +83,17 @@ int __init netlbl_netlink_init(void) struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { + struct audit_context *audit_ctx; struct audit_buffer *audit_buf; struct lsmcontext context; - struct lsmblob blob; if (audit_enabled == AUDIT_OFF) return NULL; - audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, type); + audit_ctx = audit_alloc_for_lsm(GFP_ATOMIC); + audit_info->localcontext = audit_ctx; + + audit_buf = audit_log_start(audit_ctx, GFP_ATOMIC, type); if (audit_buf == NULL) return NULL; 
@@ -98,11 +101,14 @@ struct audit_buffer *netlbl_audit_start_common(int type, from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); - lsmblob_init(&blob, audit_info->secid); - if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &context) == 0) { - audit_log_format(audit_buf, " subj=%s", context.context); - security_release_secctx(&context); + if (lsmblob_is_set(&audit_info->lsmdata)) { + if (!lsm_multiple_contexts() && + security_secid_to_secctx(&audit_info->lsmdata, &context, + LSMBLOB_FIRST) == 0) { + audit_log_format(audit_buf, " subj=%s", + context.context); + security_release_secctx(&context); + } } return audit_buf; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 438b5db6c714..bd4335443b87 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -34,11 +34,7 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - struct lsmblob blob; - - security_task_getsecid(current, &blob); - /* scaffolding until secid is converted */ - audit_info->secid = blob.secid[0]; + security_task_getsecid(current, &audit_info->lsmdata); audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index b74f28cabe24..d0c89b570ac5 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c 
@@ -4215,30 +4215,32 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp, void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, bool task_valid) { + struct audit_context *context; struct audit_buffer *audit_buf; - audit_buf = xfrm_audit_start("SPD-add"); + audit_buf = xfrm_audit_start("SPD-add", &context); if (audit_buf == NULL) return; xfrm_audit_helper_usrinfo(task_valid, audit_buf); audit_log_format(audit_buf, " res=%u", result); xfrm_audit_common_policyinfo(xp, audit_buf); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, context); } EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, bool task_valid) { + struct audit_context *context; struct audit_buffer *audit_buf; - audit_buf = xfrm_audit_start("SPD-delete"); + audit_buf = xfrm_audit_start("SPD-delete", &context); if (audit_buf == NULL) return; xfrm_audit_helper_usrinfo(task_valid, audit_buf); audit_log_format(audit_buf, " res=%u", result); xfrm_audit_common_policyinfo(xp, audit_buf); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, context); } EXPORT_SYMBOL_GPL(xfrm_audit_policy_delete); #endif diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index d01ca1a18418..a3d49a854ed2 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
@@ -2746,29 +2746,31 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family, void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid) { + struct audit_context *context; struct audit_buffer *audit_buf; - audit_buf = xfrm_audit_start("SAD-add"); + audit_buf = xfrm_audit_start("SAD-add", &context); if (audit_buf == NULL) return; xfrm_audit_helper_usrinfo(task_valid, audit_buf); xfrm_audit_helper_sainfo(x, audit_buf); audit_log_format(audit_buf, " res=%u", result); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, context); } EXPORT_SYMBOL_GPL(xfrm_audit_state_add); void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid) { + struct audit_context *context; struct audit_buffer *audit_buf; - audit_buf = xfrm_audit_start("SAD-delete"); + audit_buf = xfrm_audit_start("SAD-delete", &context); if (audit_buf == NULL) return; xfrm_audit_helper_usrinfo(task_valid, audit_buf); xfrm_audit_helper_sainfo(x, audit_buf); audit_log_format(audit_buf, " res=%u", result); - audit_log_end(audit_buf); + audit_log_end_local(audit_buf, context); } EXPORT_SYMBOL_GPL(xfrm_audit_state_delete); @@ -2778,7 +2780,7 @@ void xfrm_audit_state_replay_overflow(struct xfrm_state *x, struct audit_buffer *audit_buf; u32 spi; - audit_buf = xfrm_audit_start("SA-replay-overflow"); + audit_buf = xfrm_audit_start("SA-replay-overflow", NULL); if (audit_buf == NULL) return; xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); @@ -2796,7 +2798,7 @@ void xfrm_audit_state_replay(struct xfrm_state *x, struct audit_buffer *audit_buf; u32 spi; - audit_buf = xfrm_audit_start("SA-replayed-pkt"); + audit_buf = xfrm_audit_start("SA-replayed-pkt", NULL); if (audit_buf == NULL) return; xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); 
@@ -2811,7 +2813,7 @@ void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family) { struct audit_buffer *audit_buf; - audit_buf = xfrm_audit_start("SA-notfound"); + audit_buf = xfrm_audit_start("SA-notfound", NULL); if (audit_buf == NULL) return; xfrm_audit_helper_pktinfo(skb, family, audit_buf); @@ -2825,7 +2827,7 @@ void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, struct audit_buffer *audit_buf; u32 spi; - audit_buf = xfrm_audit_start("SA-notfound"); + audit_buf = xfrm_audit_start("SA-notfound", NULL); if (audit_buf == NULL) return; xfrm_audit_helper_pktinfo(skb, family, audit_buf); @@ -2843,7 +2845,7 @@ void xfrm_audit_state_icvfail(struct xfrm_state *x, __be32 net_spi; __be32 net_seq; - audit_buf = xfrm_audit_start("SA-icv-failure"); + audit_buf = xfrm_audit_start("SA-icv-failure", NULL); if (audit_buf == NULL) return; xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 691f68d478f1..8e7c660b9b01 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -342,6 +342,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint, void ima_audit_measurement(struct integrity_iint_cache *iint, const unsigned char *filename) { + struct audit_context *context; struct audit_buffer *ab; char *hash; const char *algo_name = hash_algo_name[iint->ima_hash->algo]; @@ -358,8 +359,8 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, hex_byte_pack(hash + (i * 2), iint->ima_hash->digest[i]); hash[i * 2] = '\0'; - ab = audit_log_start(audit_context(), GFP_KERNEL, - AUDIT_INTEGRITY_RULE); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, AUDIT_INTEGRITY_RULE); if (!ab) goto out; 
@@ -368,7 +369,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, audit_log_format(ab, " hash=\"%s:%s\"", algo_name, hash); audit_log_task_info(ab); - audit_log_end(ab); + audit_log_end_local(ab, context); iint->flags |= IMA_AUDITED; out: diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c index 29220056207f..b38163c43659 100644 --- a/security/integrity/integrity_audit.c +++ b/security/integrity/integrity_audit.c @@ -38,13 +38,15 @@ void integrity_audit_message(int audit_msgno, struct inode *inode, const char *cause, int result, int audit_info, int errno) { + struct audit_context *context; struct audit_buffer *ab; char name[TASK_COMM_LEN]; if (!integrity_audit_info && audit_info == 1) /* Skip info messages */ return; - ab = audit_log_start(audit_context(), GFP_KERNEL, audit_msgno); + context = audit_alloc_for_lsm(GFP_KERNEL); + ab = audit_log_start(context, GFP_KERNEL, audit_msgno); audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u", task_pid_nr(current), from_kuid(&init_user_ns, current_uid()), @@ -63,5 +65,5 @@ void integrity_audit_message(int audit_msgno, struct inode *inode, audit_log_format(ab, " ino=%lu", inode->i_ino); } audit_log_format(ab, " res=%d errno=%d", !result, errno); - audit_log_end(ab); + audit_log_end_local(ab, context); } diff --git a/security/security.c b/security/security.c index 5d3dad5f800f..7d90f2f531b1 100644 --- a/security/security.c +++ b/security/security.c @@ -2249,7 +2249,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { rc = hp->hook.setprocattr(name, value, size); - if (rc < 0) + if (rc < 0 && rc != -EINVAL) return rc; } 
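Review bot: in ima_audit_measurement the context returned by audit_alloc_for_lsm(GFP_KERNEL) is only handed to audit_log_end_local at the end, and the `if (!ab) goto out;` right after audit_log_start skips that call, so on an audit_log_start failure the context is leaked unless audit_log_start itself frees it, which this hunk does not show. integrity_audit_message makes the same allocation with no NULL check at all and relies on audit_log_format and audit_log_end_local tolerating a NULL buffer; both sites should either release the context on the failure path or name the helper that does.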
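Review bot: in security_setprocattr, skipping over -EINVAL lets the loop move on to the next module, but the hunk does not show what is returned after the loop, so the case where every hook answers -EINVAL needs checking: the write must still fail rather than report success for an attribute no module accepted. A one-line comment on why -EINVAL alone is non-fatal (a module that does not recognise the attribute) would help future readers.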
@@ -2294,13 +2294,31 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int ilsm) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); memset(cp, 0, sizeof(*cp)); + /* + * ilsm either is the slot number use for formatting + * or an instruction on which relative slot to use. + */ + if (ilsm == LSMBLOB_DISPLAY) + ilsm = lsm_task_ilsm(current); + else if (ilsm == LSMBLOB_FIRST) + ilsm = LSMBLOB_INVALID; + else if (ilsm < 0) { + WARN_ONCE(true, + "LSM: %s unknown interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } else if (ilsm >= lsm_slot) { + WARN_ONCE(true, + "LSM: %s invalid interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } + hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; @@ -2330,7 +2348,7 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, return hp->hook.secctx_to_secid(secdata, seclen, &blob->secid[hp->lsmid->slot]); } - return 0; + return -EOPNOTSUPP; } EXPORT_SYMBOL(security_secctx_to_secid); 
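Review bot: security_secctx_to_secid now returns -EOPNOTSUPP instead of 0 when no secctx_to_secid hook matches the interface LSM; callers that previously treated 0 with an untouched blob as "no label" will now see an error, and that behaviour change deserves a sentence in the commit message and a look at each caller. In security_secid_to_secctx the new comment should read "the slot number used for formatting", and the `ilsm < 0` and `ilsm >= lsm_slot` branches warn once but then silently fall back to LSMBLOB_INVALID, which hides a caller bug behind a one-time WARN; returning -EINVAL there would surface it.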
@@ -2824,23 +2842,17 @@ int security_key_getsecurity(struct key *key, char **_buffer) int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) { struct security_hook_list *hp; - bool one_is_good = false; - int rc = 0; - int trc; + int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - trc = hp->hook.audit_rule_init(field, op, rulestr, - &lsmrule[hp->lsmid->slot]); - if (trc == 0) - one_is_good = true; - else - rc = trc; + if (ilsm != LSMBLOB_INVALID && ilsm != hp->lsmid->slot) + continue; + return hp->hook.audit_rule_init(field, op, rulestr, + &lsmrule[hp->lsmid->slot]); } - if (one_is_good) - return 0; - return rc; + return 0; } int security_audit_rule_known(struct audit_krule *krule) @@ -2872,6 +2884,8 @@ int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, continue; if (lsmrule[hp->lsmid->slot] == NULL) continue; + if (lsmrule[hp->lsmid->slot] == NULL) + continue; rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], field, op, &lsmrule[hp->lsmid->slot]); diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index e592e10397af..d56e55c04aa4 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c 
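Review bot: the security_audit_rule_match hunk adds `if (lsmrule[hp->lsmid->slot] == NULL) continue;` directly after an identical existing check, so the two added lines are a no-op and should be dropped.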
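Review bot: security_audit_rule_init now returns the result of the first hook whose slot matches ilsm (or of the first hook at all when ilsm is LSMBLOB_INVALID), but when no hook matches it falls out of the loop and returns 0 without touching lsmrule, so the caller ends up with a "successfully" initialised rule that no module will ever evaluate; returning an error such as -EINVAL in that case would be safer. Using lsm_task_ilsm(current) here also ties rule parsing to the interface LSM of the task loading the rule, which is worth a comment.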
@@ -185,7 +185,8 @@ static void smk_netlabel_audit_set(struct netlbl_audit *nap) nap->loginuid = audit_get_loginuid(current); nap->sessionid = audit_get_sessionid(current); - nap->secid = skp->smk_secid; + lsmblob_init(&nap->lsmdata, 0); + nap->lsmdata.secid[smack_lsmid.slot] = skp->smk_secid; } /*
From patchwork Tue Mar 9 14:42:41 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125753 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: [PATCH v25 23/25] Audit: Add a new record for multiple object LSM attributes
Date: Tue, 9 Mar 2021 06:42:41 -0800
Message-Id: <20210309144243.12519-24-casey@schaufler-ca.com>
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
List-ID: X-Mailing-List: selinux@vger.kernel.org

Create a new audit record type to contain the object information when there are multiple security modules that may require such data. This record is linked with the same timestamp and serial number. An example of the MAC_OBJ_CONTEXTS (1421) record is:

type=UNKNOWN[1421] msg=audit(1601152467.009:1050): obj_selinux=unconfined_u:object_r:user_home_t:s0

Not all security modules that can provide object information do so in all cases. It is possible that a security module won't apply an object attribute in all cases.
Signed-off-by: Casey Schaufler Cc: linux-audit@redhat.com To: Paul Moore --- include/linux/audit.h | 7 ++++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 53 +++++++++++++++++++++++++++ kernel/audit.h | 4 +-- kernel/auditsc.c | 73 +++++++------------------------------- 5 files changed, 75 insertions(+), 63 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 229cd71fbf09..b92ad58bc97d 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -189,6 +189,8 @@ extern void audit_log_path_denied(int type, extern void audit_log_lost(const char *message); extern int audit_log_task_context(struct audit_buffer *ab); +extern int audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob); extern void audit_log_task_info(struct audit_buffer *ab); extern void audit_log_lsm(struct audit_context *context); @@ -256,6 +258,11 @@ static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; } +static inline int audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob) +{ + return 0; +} static inline void audit_log_task_info(struct audit_buffer *ab) { } static void audit_log_lsm(struct audit_context *context) diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 2a63720e56f6..dbb1dce16962 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -140,6 +140,7 @@ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ #define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM contexts */ +#define AUDIT_MAC_OBJ_CONTEXTS 1421 /* Multiple LSM object contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 5b29a350df78..88479459b6e0 100644 --- a/kernel/audit.c +++ b/kernel/audit.c 
@@ -2171,6 +2171,59 @@ int audit_log_task_context(struct audit_buffer *ab) } EXPORT_SYMBOL(audit_log_task_context); +int audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob) +{ + int i; + int error; + bool sep = false; + struct lsmcontext lsmdata; + struct audit_buffer *lsmab = NULL; + struct audit_context *context = NULL; + + /* + * If there is more than one security module that has a + * object "context" it's necessary to put the object data + * into a separate record to maintain compatibility. + */ + if (lsm_multiple_contexts()) { + audit_log_format(ab, " obj=?"); + context = ab->ctx; + if (context) + lsmab = audit_log_start(context, GFP_KERNEL, + AUDIT_MAC_OBJ_CONTEXTS); + } + + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (blob->secid[i] == 0) + continue; + error = security_secid_to_secctx(blob, &lsmdata, i); + if (error && error != -EINVAL) { + audit_panic("error in audit_log_object_context"); + return error; + } + + if (context) { + audit_log_format(lsmab, "%sobj_%s=%s", + sep ? " " : "", + lsm_slot_to_name(i), + lsmdata.context); + sep = true; + } else + audit_log_format(ab, " obj=%s", lsmdata.context); + + security_release_secctx(&lsmdata); + if (!context) + break; + } + + if (context) + audit_log_end(lsmab); + + return 0; +} +EXPORT_SYMBOL(audit_log_object_context); + void audit_log_d_path_exe(struct audit_buffer *ab, struct mm_struct *mm) { diff --git a/kernel/audit.h b/kernel/audit.h index 4f245c3dac0c..c65f40a1d308 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -78,7 +78,7 @@ struct audit_names { kuid_t uid; kgid_t gid; dev_t rdev; - u32 osid; + struct lsmblob oblob; struct audit_cap_data fcap; unsigned int fcap_ver; unsigned char type; /* record type */ @@ -155,7 +155,7 @@ struct audit_context { kuid_t uid; kgid_t gid; umode_t mode; - u32 osid; + struct lsmblob oblob; int has_perm; uid_t perm_uid; gid_t perm_gid; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4d0f3fa0bcb0..4a74fc774ada 100644 --- a/kernel/auditsc.c 
+++ b/kernel/auditsc.c @@ -686,14 +686,6 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { - /* - * lsmblob_init sets all values in the - * lsmblob to sid. This is temporary - * until name->osid is converted to a - * lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, name->osid); result = security_audit_rule_match( &blob, f->type, @@ -701,7 +693,6 @@ static int audit_filter_rules(struct task_struct *tsk, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { - lsmblob_init(&blob, name->osid); if (security_audit_rule_match( &blob, f->type, @@ -715,8 +706,7 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - lsmblob_init(&blob, ctx->ipc.osid); - if (security_audit_rule_match(&blob, + if (security_audit_rule_match(&ctx->ipc.oblob, f->type, f->op, f->lsm_rules)) ++result; @@ -1028,7 +1018,6 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1038,15 +1027,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " obj=(none)"); - rc = 1; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(blob)) + rc = audit_log_object_context(ab, blob); audit_log_format(ab, " ocomm="); audit_log_untrustedstring(ab, comm); audit_log_end(ab); 
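Review bot: in audit_log_object_context (the kernel/audit.c hunk above) three paths look wrong. When security_secid_to_secctx returns -EINVAL the error return is skipped but the code still falls through to audit_log_format with lsmdata.context, which the memset at the top of security_secid_to_secctx has left NULL, and then calls security_release_secctx on it; a `continue` on -EINVAL would avoid logging an empty obj_ field. When lsm_multiple_contexts() is true but ab->ctx is NULL, " obj=?" has already been written and the loop then also writes " obj=<context>" into the same buffer, so one record carries both. And on the error return inside the loop the lsmab buffer opened with audit_log_start is never passed to audit_log_end. Minor: "a object" in the new comment should be "an object".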
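Review bot: in audit_filter_rules the two `lsmblob_init(&blob, name->osid)` calls are removed, but the security_audit_rule_match calls that follow still pass `&blob`, so for the `name` and `names_list` cases the match now runs against a blob that nothing left in this function initialises. The ipc case in the same hunk shows the intended shape, `&ctx->ipc.oblob`; these two call sites should become `&name->oblob` and `&n->oblob` respectively, after which the local `blob` may be unused.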
@@ -1273,26 +1255,15 @@ static void show_special(struct audit_context *context, int *call_panic) context->socketcall.args[i]); break; } case AUDIT_IPC: { - u32 osid = context->ipc.osid; + struct lsmblob *oblob = &context->ipc.oblob; audit_log_format(ab, "ouid=%u ogid=%u mode=%#ho", from_kuid(&init_user_ns, context->ipc.uid), from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); - if (osid) { - struct lsmcontext lsmcxt; - struct lsmblob blob; - - lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt, - LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", osid); - *call_panic = 1; - } else { - audit_log_format(ab, " obj=%s", lsmcxt.context); - security_release_secctx(&lsmcxt); - } - } + if (lsmblob_is_set(oblob) && + audit_log_object_context(ab, oblob)) + *call_panic = 1; if (context->ipc.has_perm) { audit_log_end(ab); ab = audit_log_start(context, GFP_KERNEL, @@ -1435,20 +1406,9 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (n->osid != 0) { - struct lsmblob blob; - struct lsmcontext lsmctx; - - lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", n->osid); - if (call_panic) - *call_panic = 2; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(&n->oblob) && + audit_log_object_context(ab, &n->oblob) && call_panic) + *call_panic = 2; /* log the audit_names record type */ switch (n->type) { 
@@ -2038,17 +1998,13 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { - struct lsmblob blob; - name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &blob); - /* scaffolding until osid is updated */ - name->osid = blob.secid[0]; + security_inode_getsecid(inode, &name->oblob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; 
@@ -2394,16 +2350,11 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) void __audit_ipc_obj(struct kern_ipc_perm *ipcp) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->ipc.uid = ipcp->uid; context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; context->ipc.has_perm = 0; - security_ipc_getsecid(ipcp, &blob); - /* context->ipc.osid will be changed to a lsmblob later in - * the patch series. This will allow auditing of all the object - * labels associated with the ipc object. */ - context->ipc.osid = lsmblob_value(&blob); + security_ipc_getsecid(ipcp, &context->ipc.oblob); context->type = AUDIT_IPC; }
From patchwork Tue Mar 9 14:42:42 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125755 X-Patchwork-Delegate: paul@paul-moore.com
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org
Subject: [PATCH v25 24/25] LSM: Add /proc attr entry for full LSM context
Date: Tue, 9 Mar 2021 06:42:42 -0800
Message-Id: <20210309144243.12519-25-casey@schaufler-ca.com>
In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com>
References: <20210309144243.12519-1-casey@schaufler-ca.com>
List-ID: X-Mailing-List: selinux@vger.kernel.org

Add an entry /proc/.../attr/context which displays the full process security "context" in compound format: lsm1\0value\0lsm2\0value\0... This entry is not writable. A security module may decide that its policy does not allow this information to be displayed. In this case none of the information will be displayed.

Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
Cc: linux-api@vger.kernel.org
Cc: linux-doc@vger.kernel.org
---
Documentation/ABI/testing/procfs-attr-context | 14 ++++ Documentation/security/lsm.rst | 14 ++++ fs/proc/base.c | 1 + include/linux/lsm_hooks.h | 6 ++ security/apparmor/include/procattr.h | 2 +- security/apparmor/lsm.c | 8 +- security/apparmor/procattr.c | 22 +++--- security/security.c | 79 +++++++++++++++++++ security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 2 +- 10 files changed, 135 insertions(+), 15 deletions(-) create mode 100644 Documentation/ABI/testing/procfs-attr-context diff --git a/Documentation/ABI/testing/procfs-attr-context b/Documentation/ABI/testing/procfs-attr-context new file mode 100644 index 000000000000..40da1c397c30 --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-context
@@ -0,0 +1,14 @@ +What: /proc/*/attr/context +Contact: linux-security-module@vger.kernel.org, +Description: The current security information used by all Linux + security module (LSMs) that are active on the system. + The details of permissions required to read from + this interface and hence obtain the security state + of the task identified is dependent on the LSMs that + are active on the system. + A process cannot write to this interface. + The data provided by this interface will have the form: + lsm_name\0lsm_data\0[lsm_name\0lsm_data\0]... + where lsm_name is the name of the LSM and the following + lsm_data is the process data for that LSM. +Users: LSM user-space diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index b77b4a540391..070225ae6ceb 100644 --- a/Documentation/security/lsm.rst +++ b/Documentation/security/lsm.rst @@ -143,3 +143,17 @@ separated list of the active security modules. The file ``/proc/pid/attr/interface_lsm`` contains the name of the security module for which the ``/proc/pid/attr/current`` interface will apply. This interface can be written to. + +The infrastructure does provide an interface for the special +case where multiple security modules provide a process context. +This is provided in compound context format. + +- `lsm\0value\0lsm\0value\0` + +The `lsm` and `value` fields are NUL-terminated bytestrings. +Each field may contain whitespace or non-printable characters. +The NUL bytes are included in the size of a compound context. +The context ``Bell\0Secret\0Biba\0Loose\0`` has a size of 23. + +The file ``/proc/pid/attr/context`` provides the security +context of the identified process. diff --git a/fs/proc/base.c b/fs/proc/base.c index 10de522f3112..23ebfc35435c 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c 
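Review bot: in the procfs-attr-context ABI entry, "all Linux security module (LSMs)" should read "modules", "The details of permissions required ... is dependent" should be "are dependent", and the Contact: line ends in a stray comma. The Description also never says what a reader sees when a module declines to expose its context, which the commit message covers ("none of the information will be displayed") and which user space needs in order to tell "no LSM active" from "not permitted".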
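The compound format described in the commit message and in the lsm.rst hunk above (`lsm\0value\0` pairs, with the NULs counted in the size) is easy to mishandle with strlen-based code. This is an added user-space parser, written for this page and not part of the patch or of the kernel, that treats the read() byte count as authoritative and rejects truncated fields; the 23-byte sample buffer is the `Bell\0Secret\0Biba\0Loose\0` example from the documentation hunk, constructed inline.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One (lsm, value) pair; both pointers point into the caller's buffer. */
struct lsm_ctx_entry {
	const char *lsm;
	const char *value;
};

/*
 * Parse lsm\0value\0[lsm\0value\0]... as returned by /proc/<pid>/attr/context.
 * @len is the byte count returned by read(), which includes the NUL
 * terminators.  Each field is located with memchr bounded by @len rather
 * than strlen, so a truncated read (a field without its NUL) is reported
 * instead of running past the end of the buffer.
 * Returns the number of pairs, or -1 if the data is malformed or there
 * are more pairs than @max.
 */
int parse_compound_context(const char *buf, size_t len,
			   struct lsm_ctx_entry *out, size_t max)
{
	size_t pos = 0, n = 0;

	while (pos < len) {
		const char *name = buf + pos;
		const char *nul = memchr(name, '\0', len - pos);

		if (!nul)
			return -1;		/* lsm name not terminated */
		pos = (size_t)(nul - buf) + 1;
		if (pos >= len)
			return -1;		/* lsm name without a value */

		const char *value = buf + pos;

		nul = memchr(value, '\0', len - pos);
		if (!nul)
			return -1;		/* value not terminated */
		pos = (size_t)(nul - buf) + 1;

		if (n >= max)
			return -1;
		out[n].lsm = name;
		out[n].value = value;
		n++;
	}
	return (int)n;
}

/* Value for one module by name, or NULL when that module is absent. */
const char *compound_context_lookup(const struct lsm_ctx_entry *e, int n,
				    const char *lsm)
{
	for (int i = 0; i < n; i++)
		if (strcmp(e[i].lsm, lsm) == 0)
			return e[i].value;
	return NULL;
}

/* Constructed input: the 23-byte example from the lsm.rst hunk. */
static const char sample_ctx[] = "Bell\0Secret\0Biba\0Loose\0";
/* sizeof() counts the C literal's own trailing NUL; drop it. */
#define SAMPLE_CTX_LEN (sizeof(sample_ctx) - 1)

static struct lsm_ctx_entry sample_entries[8];

int main(void)
{
	int n = parse_compound_context(sample_ctx, SAMPLE_CTX_LEN,
				       sample_entries, 8);

	printf("%d pairs in %zu bytes\n", n, SAMPLE_CTX_LEN);
	for (int i = 0; i < n; i++)
		printf("  %s=%s\n", sample_entries[i].lsm,
		       sample_entries[i].value);
	return n < 0;
}
```

To run it against a live system, replace the sample buffer with the bytes read from /proc/self/attr/context and pass the read() return value as len.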
@@ -2808,6 +2808,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), ATTR(NULL, "interface_lsm", 0666), + ATTR(NULL, "context", 0444), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index ab08da884b2f..8d554288c5a2 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1382,6 +1382,12 @@ * @pages contains the number of pages. * Return 0 if permission is granted. * + * @getprocattr: + * Provide the named process attribute for display in special files in + * the /proc/.../attr directory. Attribute naming and the data displayed + * is at the discretion of the security modules. The exception is the + * "context" attribute, which will contain the security context of the + * task as a nul terminated text string without trailing whitespace. * @ismaclabel: * Check if the extended attribute specified by @name * represents a MAC label. Returns 1 if name is a MAC diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h index 31689437e0e1..03dbfdb2f2c0 100644 --- a/security/apparmor/include/procattr.h +++ b/security/apparmor/include/procattr.h @@ -11,7 +11,7 @@ #ifndef __AA_PROCATTR_H #define __AA_PROCATTR_H -int aa_getprocattr(struct aa_label *label, char **string); +int aa_getprocattr(struct aa_label *label, char **string, bool newline); int aa_setprocattr_changehat(char *args, size_t size, int flags); #endif /* __AA_PROCATTR_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 5bfd313a7cd5..16ccc4a002d0 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -602,6 +602,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, const struct cred *cred = get_task_cred(task); struct aa_task_ctx *ctx = task_ctx(current); struct aa_label *label = NULL; + bool newline = true; if (strcmp(name, "current") == 0) label = aa_get_newest_label(cred_label(cred)); @@ -609,11 +610,14 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, label = aa_get_newest_label(ctx->previous); else if (strcmp(name, "exec") == 0 && ctx->onexec) label = aa_get_newest_label(ctx->onexec); - else + else if (strcmp(name, "context") == 0) { + label = aa_get_newest_label(cred_label(cred)); + newline = false; + } else error = -EINVAL; if (label) - error = aa_getprocattr(label, value); + error = aa_getprocattr(label, value, newline); aa_put_label(label); put_cred(cred); diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index c929bf4a3df1..be3b083d9b74 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -20,6 +20,7 @@ * aa_getprocattr - Return the profile information for @profile * @profile: the profile to print profile info about (NOT NULL) * @string: Returns - string containing the profile info (NOT NULL) + * @newline: Should a newline be added to @string. * * Returns: length of @string on success else error on failure * 
@@ -30,20 +31,21 @@ * * Returns: size of string placed in @string else error code on failure */ -int aa_getprocattr(struct aa_label *label, char **string) +int aa_getprocattr(struct aa_label *label, char **string, bool newline) { struct aa_ns *ns = labels_ns(label); struct aa_ns *current_ns = aa_get_current_ns(); + int flags = FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED; int len; if (!aa_ns_visible(current_ns, ns, true)) { aa_put_ns(current_ns); return -EACCES; } + if (newline) + flags |= FLAG_SHOW_MODE; - len = aa_label_snxprint(NULL, 0, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(NULL, 0, current_ns, label, flags); AA_BUG(len < 0); *string = kmalloc(len + 2, GFP_KERNEL); @@ -52,19 +54,19 @@ int aa_getprocattr(struct aa_label *label, char **string) return -ENOMEM; } - len = aa_label_snxprint(*string, len + 2, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(*string, len + 2, current_ns, label, flags); if (len < 0) { aa_put_ns(current_ns); return len; } - (*string)[len] = '\n'; - (*string)[len + 1] = 0; + if (newline) { + (*string)[len] = '\n'; + (*string)[++len] = 0; + } aa_put_ns(current_ns); - return len + 1; + return len; } /** diff --git a/security/security.c b/security/security.c index 7d90f2f531b1..ba01df949163 100644 --- a/security/security.c +++ b/security/security.c 
@@ -776,6 +776,57 @@ static void __init lsm_early_task(struct task_struct *task) panic("%s: Early task alloc failed.\n", __func__); } +/** + * append_ctx - append a lsm/context pair to a compound context + * @ctx: the existing compound context + * @ctxlen: size of the old context, including terminating nul byte + * @lsm: new lsm name, nul terminated + * @new: new context, possibly nul terminated + * @newlen: maximum size of @new + * + * replace @ctx with a new compound context, appending @newlsm and @new + * to @ctx. On exit the new data replaces the old, which is freed. + * @ctxlen is set to the new size, which includes a trailing nul byte. + * + * Returns 0 on success, -ENOMEM if no memory is available. + */ +static int append_ctx(char **ctx, int *ctxlen, const char *lsm, char *new, + int newlen) +{ + char *final; + size_t llen; + size_t nlen; + size_t flen; + + llen = strlen(lsm) + 1; + /* + * A security module may or may not provide a trailing nul on + * when returning a security context. There is no definition + * of which it should be, and there are modules that do it + * each way. + */ + nlen = strnlen(new, newlen); + + flen = *ctxlen + llen + nlen + 1; + final = kzalloc(flen, GFP_KERNEL); + + if (final == NULL) + return -ENOMEM; + + if (*ctxlen) + memcpy(final, *ctx, *ctxlen); + + memcpy(final + *ctxlen, lsm, llen); + memcpy(final + *ctxlen + llen, new, nlen); + + kfree(*ctx); + + *ctx = final; + *ctxlen = flen; + + return 0; +} + /* * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and * can be accessed with: @@ -2174,6 +2225,10 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + char *final = NULL; + char *cp; + int rc = 0; + int finallen = 0; int ilsm = lsm_task_ilsm(current); int slot = 0; 
@@ -2201,6 +2256,30 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, return -ENOMEM; } + if (!strcmp(name, "context")) { + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, + list) { + rc = hp->hook.getprocattr(p, "context", &cp); + if (rc == -EINVAL) + continue; + if (rc < 0) { + kfree(final); + return rc; + } + rc = append_ctx(&final, &finallen, hp->lsmid->lsm, + cp, rc); + kfree(cp); + if (rc < 0) { + kfree(final); + return rc; + } + } + if (final == NULL) + return -EINVAL; + *value = final; + return finallen; + } + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5ed2164ea0e4..d86cfdd84ecf 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6392,7 +6392,7 @@ static int selinux_getprocattr(struct task_struct *p, goto bad; } - if (!strcmp(name, "current")) + if (!strcmp(name, "current") || !strcmp(name, "context")) sid = __tsec->sid; else if (!strcmp(name, "prev")) sid = __tsec->osid; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1c14983f87c7..18f1635a5907 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -3480,7 +3480,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) char *cp; int slen; - if (strcmp(name, "current") != 0) + if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0) return -EINVAL; cp = kstrdup(skp->smk_known, GFP_KERNEL); From patchwork Tue Mar 9 14:42:43 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12125757 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6EDCEC43381 for ; Tue, 9 Mar 2021 15:11:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 328D3652A8 for ; Tue, 9 Mar 2021 15:11:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231816AbhCIPKw (ORCPT ); Tue, 9 Mar 2021 10:10:52 -0500 Received: from sonic313-14.consmr.mail.ne1.yahoo.com ([66.163.185.37]:35779 "EHLO sonic313-14.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231856AbhCIPKo (ORCPT ); Tue, 9 Mar 2021 10:10:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1615302644; bh=gHD52fMIACzOJbAaDdQvy8CsRFtkwZuZ0JBEN4PuE/E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
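Review bot: the Description in the new procfs-attr-context entry never says what a reader sees when one of the active LSMs refuses to disclose its part; the commit message states that in that case none of the information is displayed, and the security.c hunk does return that module's error for the whole read, so add a sentence to that effect. Also "all Linux security module (LSMs)" should read "all Linux security modules (LSMs)", and the trailing comma after the Contact address looks stray.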
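Review bot: in the lsm.rst hunk the format line uses single backticks (`lsm\0value\0lsm\0value\0`), which reStructuredText renders as interpreted text rather than a literal, while the size example two lines later uses the double backticks this file uses elsewhere; make both ``...``. It would also help to say that the 23 in the example is what security_getprocattr() returns as the length (finallen in the security.c hunk), since that count, not a terminator, is how user space knows where the data ends.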
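Review bot: the new @getprocattr text in lsm_hooks.h promises that the "context" attribute is "a nul terminated text string", but append_ctx() in security.c is written on the premise that a module may or may not supply a trailing nul and guards with strnlen(); either state in the hook doc that the string need not be nul-terminated and that the return value is its length, or make termination a requirement and drop the guard. The block is also missing the blank " *" separator line before "@ismaclabel:" that the surrounding entries have.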
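Review bot: the "context" branch in apparmor_getprocattr() repeats the "current" lookup (aa_get_newest_label(cred_label(cred))) and differs only in newline; fold the two names into one test, as the SELinux and Smack hunks do (`if (strcmp(name, "current") == 0 || strcmp(name, "context") == 0)`), and set newline = false for "context" inside it, so the two lookups cannot drift apart.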
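Review bot: in aa_getprocattr() the newline parameter now controls two things: when it is false, FLAG_SHOW_MODE is dropped as well, so the "context" value is the bare label without the mode suffix that "current" shows, yet the kernel-doc line "@newline: Should a newline be added to @string." mentions only the newline. Either document that "context" is the bare label, or rename the parameter (for example `raw`) so the name matches what it does. While here, the visible header still says "@profile" although the parameter is `label`.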
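Review bot: the kernel-doc for append_ctx() refers to "@newlsm" but the parameter is named `lsm`, and "a trailing nul on when returning" has a stray "on". The helper also mixes int (`*ctxlen`, `newlen`) with size_t (`llen`, `nlen`, `flen`) and assigns `flen` back through the int pointer; making `ctxlen` and `newlen` size_t would keep the types honest. Allocating and copying the whole accumulated context again on every call is quadratic, which is acceptable for a handful of modules but worth a comment.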
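Review bot: in the "context" loop of security_getprocattr(), kfree(cp) runs whenever a hook returns >= 0, but `cp` is declared without an initialiser and a hook that returns 0 has not necessarily stored anything in it, so a zero-length answer would free a garbage pointer; set cp = NULL before each call, or treat rc == 0 like -EINVAL and continue. This path also ignores the `lsm` argument, so a caller asking for one module's "context" gets the compound form; a one-line comment saying that is intended would help.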
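A user-space reader for the compound format the commit message describes, as an added example that is not part of the patch or the kernel tree: it splits a buffer read from /proc/self/attr/context into lsm/value pairs, uses the byte count rather than any NUL as the end of data, and rejects a truncated field or a name with no value. The sample bytes are the lsm.rst example from this patch; `parse_compound_ctx` and `lsm_ctx_pair` are names chosen here.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the lsm.rst example from this patch, 23 bytes long. */
static const char sample_ctx[] = "Bell\0Secret\0Biba\0Loose\0";
#define SAMPLE_CTX_LEN (sizeof(sample_ctx) - 1)

/* One lsm/value pair; both pointers refer into the caller's buffer. */
struct lsm_ctx_pair {
	const char *lsm;
	const char *value;
};

/*
 * Split a compound context of len bytes ("lsm\0value\0lsm\0value\0...")
 * into pairs. Each field is NUL-terminated and the NULs count toward len,
 * so only len, never a NUL, marks the end of the data. Returns the pair
 * count, or -1 on a truncated field, a name without a value, or overflow.
 */
int parse_compound_ctx(const char *buf, size_t len,
		       struct lsm_ctx_pair *out, int max_pairs)
{
	size_t pos = 0;
	int n = 0;
	while (pos < len) {
		const char *field[2];	/* [0] = lsm name, [1] = its value */
		for (int i = 0; i < 2; i++) {
			/* No NUL before len: truncated field, or a name with no value. */
			const char *nul = memchr(buf + pos, '\0', len - pos);
			if (!nul)
				return -1;
			field[i] = buf + pos;
			pos = (size_t)(nul - buf) + 1;
		}
		if (n == max_pairs)
			return -1;
		out[n].lsm = field[0];
		out[n].value = field[1];
		n++;
	}
	return n;
}

/* Print the calling task's compound context, one "lsm: value" per line. */
int main(void)
{
	char buf[4096];
	struct lsm_ctx_pair pairs[8];
	FILE *f = fopen("/proc/self/attr/context", "r");
	size_t len;
	int n;
	if (!f)		/* kernel without this interface, or read refused */
		return 1;
	len = fread(buf, 1, sizeof(buf), f);
	fclose(f);
	n = parse_compound_ctx(buf, len, pairs, 8);
	for (int i = 0; i < n; i++)
		printf("%s: %s\n", pairs[i].lsm, pairs[i].value);
	return n < 0;
}
```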
ys4kkv4fS7uFiLhl5GedsqruTCQt1dtGd1d6h3WG2PFaCrpxn3nPCeujRL5rmj7k77C1KtfIYBSR PQOXKQK0PUjlkFt_LLdOy0pWTHVBZUplSszwmhnFIwT2lwHLE34IRaxzLHK.I3_Oe5.qZLdEsqav IbMg5q5R_.U8cCkZTNPCksd7V6CCcHNXQv3BlSh4YHWXEbBaIye05K3EwpOlse8lf.PsQwLuGBRY - X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.ne1.yahoo.com with HTTP; Tue, 9 Mar 2021 15:10:44 +0000 Received: by kubenode506.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 34830140df26597516d4b8ee418de2e3; Tue, 09 Mar 2021 15:10:39 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v25 25/25] AppArmor: Remove the exclusive flag Date: Tue, 9 Mar 2021 06:42:43 -0800 Message-Id: <20210309144243.12519-26-casey@schaufler-ca.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210309144243.12519-1-casey@schaufler-ca.com> References: <20210309144243.12519-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org With the inclusion of the interface LSM process attribute mechanism AppArmor no longer needs to be treated as an "exclusive" security module. Remove the flag that indicates it is exclusive. Remove the stub getpeersec_dgram AppArmor hook as it has no effect in the single LSM case and interferes in the multiple LSM case. Acked-by: Stephen Smalley Acked-by: John Johansen Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler --- security/apparmor/lsm.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 16ccc4a002d0..c6dc0b6f6712 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -1138,22 +1138,6 @@ static int apparmor_socket_getpeersec_stream(struct socket *sock, return error; } -/** - * apparmor_socket_getpeersec_dgram - get security label of packet - * @sock: the peer socket - * @skb: packet data - * @secid: pointer to where to put the secid of the packet - * - * Sets the netlabel socket state on sk from parent - */ -static int apparmor_socket_getpeersec_dgram(struct socket *sock, - struct sk_buff *skb, u32 *secid) - -{ - /* TODO: requires secid support */ - return -ENOPROTOOPT; -} - /** * apparmor_sock_graft - Initialize newly created socket * @sk: child sock @@ -1257,8 +1241,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { #endif LSM_HOOK_INIT(socket_getpeersec_stream, apparmor_socket_getpeersec_stream), - LSM_HOOK_INIT(socket_getpeersec_dgram, - apparmor_socket_getpeersec_dgram), LSM_HOOK_INIT(sock_graft, apparmor_sock_graft), #ifdef CONFIG_NETWORK_SECMARK LSM_HOOK_INIT(inet_conn_request, apparmor_inet_conn_request), @@ -1927,7 +1909,7 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", - .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, + .flags = LSM_FLAG_LEGACY_MAJOR, .enabled = &apparmor_enabled, .blobs = &apparmor_blob_sizes, .init = apparmor_init,
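Review bot: the kernel-doc removed with apparmor_socket_getpeersec_dgram() ("Sets the netlabel socket state on sk from parent") never described what the stub did, which was to return -ENOPROTOOPT unconditionally, so nothing accurate is lost here; but the commit message's "interferes in the multiple LSM case" would be clearer if it said how, that is, what a non-zero return from this one module does to the other modules' socket_getpeersec_dgram hooks.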
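Review bot: the DEFINE_LSM hunk keeps LSM_FLAG_LEGACY_MAJOR while dropping LSM_FLAG_EXCLUSIVE, and its pre-image (index 16ccc4a002d0) is the post-image of lsm.c from patch 24/25, so this change cannot be applied on its own; say in the commit message that it depends on the interface_lsm and "context" attribute work in the preceding patch, and add a sentence on why the legacy-major flag still applies to a module that is no longer exclusive.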