From patchwork Fri Sep 24 17:54:14 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516359
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley Subject: [PATCH v29 01/28] LSM: Infrastructure management of the sock security Date: Fri, 24 Sep 2021 10:54:14 -0700 Message-Id: <20210924175441.7943-2-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Move management of the sock->sk_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Acked-by: Paul Moore Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler --- include/linux/lsm_hooks.h | 1 + security/apparmor/include/net.h | 6 ++- security/apparmor/lsm.c | 38 ++++----------- security/security.c | 36 +++++++++++++- security/selinux/hooks.c | 78 +++++++++++++++---------------- security/selinux/include/objsec.h | 5 ++ security/selinux/netlabel.c | 23 ++++----- security/smack/smack.h | 5 ++ security/smack/smack_lsm.c | 66 ++++++++++++-------------- security/smack/smack_netfilter.c | 8 ++-- 10 files changed, 145 insertions(+), 121 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 5c4c5c0602cb..afd3b16875b0 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1588,6 +1588,7 @@ struct lsm_blob_sizes { int lbs_cred; int lbs_file; int lbs_inode; + int lbs_sock; int lbs_superblock; int lbs_ipc; int lbs_msg_msg; 
diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h index aadb4b29fb66..fac8999ba7a3 100644 --- a/security/apparmor/include/net.h +++ b/security/apparmor/include/net.h @@ -51,7 +51,11 @@ struct aa_sk_ctx { struct aa_label *peer; }; -#define SK_CTX(X) ((X)->sk_security) +static inline struct aa_sk_ctx *aa_sock(const struct sock *sk) +{ + return sk->sk_security + apparmor_blob_sizes.lbs_sock; +} + #define SOCK_ctx(X) SOCK_INODE(X)->i_security #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \ struct lsm_network_audit NAME ## _net = { .sk = (SK), \ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index f72406fe1bf2..4113516fb62e 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -775,33 +775,15 @@ static int apparmor_task_kill(struct task_struct *target, struct kernel_siginfo return error; } -/** - * apparmor_sk_alloc_security - allocate and attach the sk_security field - */ -static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags) -{ - struct aa_sk_ctx *ctx; - - ctx = kzalloc(sizeof(*ctx), flags); - if (!ctx) - return -ENOMEM; - - SK_CTX(sk) = ctx; - - return 0; -} - /** * apparmor_sk_free_security - free the sk_security field */ static void apparmor_sk_free_security(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); - SK_CTX(sk) = NULL; aa_put_label(ctx->label); aa_put_label(ctx->peer); - kfree(ctx); } /** @@ -810,8 +792,8 @@ static void apparmor_sk_free_security(struct sock *sk) static void apparmor_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); - struct aa_sk_ctx *new = SK_CTX(newsk); + struct aa_sk_ctx *ctx = aa_sock(sk); + struct aa_sk_ctx *new = aa_sock(newsk); if (new->label) aa_put_label(new->label); 
@@ -867,7 +849,7 @@ static int apparmor_socket_post_create(struct socket *sock, int family, label = aa_get_current_label(); if (sock->sk) { - struct aa_sk_ctx *ctx = SK_CTX(sock->sk); + struct aa_sk_ctx *ctx = aa_sock(sock->sk); aa_put_label(ctx->label); ctx->label = aa_get_label(label); @@ -1052,7 +1034,7 @@ static int apparmor_socket_shutdown(struct socket *sock, int how) */ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1065,7 +1047,7 @@ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) static struct aa_label *sk_peer_label(struct sock *sk) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (ctx->peer) return ctx->peer; @@ -1149,7 +1131,7 @@ static int apparmor_socket_getpeersec_dgram(struct socket *sock, */ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!ctx->label) ctx->label = aa_get_current_label(); @@ -1159,7 +1141,7 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_sk_ctx *ctx = aa_sock(sk); if (!skb->secmark) return 0; @@ -1176,6 +1158,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_cred = sizeof(struct aa_task_ctx *), .lbs_file = sizeof(struct aa_file_ctx), .lbs_task = sizeof(struct aa_task_ctx), + .lbs_sock = sizeof(struct aa_sk_ctx), }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { 
@@ -1212,7 +1195,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(getprocattr, apparmor_getprocattr), LSM_HOOK_INIT(setprocattr, apparmor_setprocattr), - LSM_HOOK_INIT(sk_alloc_security, apparmor_sk_alloc_security), LSM_HOOK_INIT(sk_free_security, apparmor_sk_free_security), LSM_HOOK_INIT(sk_clone_security, apparmor_sk_clone_security), @@ -1764,7 +1746,7 @@ static unsigned int apparmor_ip_postroute(void *priv, if (sk == NULL) return NF_ACCEPT; - ctx = SK_CTX(sk); + ctx = aa_sock(sk); if (!apparmor_secmark_check(ctx->label, OP_SENDMSG, AA_MAY_SEND, skb->secmark, sk)) return NF_ACCEPT; diff --git a/security/security.c b/security/security.c index 9ffa9e9c5c55..26df1ff0b529 100644 --- a/security/security.c +++ b/security/security.c @@ -29,6 +29,7 @@ #include #include #include +#include #define MAX_LSM_EVM_XATTR 2 @@ -204,6 +205,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); + lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); } @@ -340,6 +342,7 @@ static void __init ordered_lsm_init(void) init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); + init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); 
@@ -659,6 +662,28 @@ static int lsm_msg_msg_alloc(struct msg_msg *mp) return 0; } +/** + * lsm_sock_alloc - allocate a composite sock blob + * @sock: the sock that needs a blob + * @priority: allocation mode + * + * Allocate the sock blob for all the modules + * + * Returns 0, or -ENOMEM if memory can't be allocated. + */ +static int lsm_sock_alloc(struct sock *sock, gfp_t priority) +{ + if (blob_sizes.lbs_sock == 0) { + sock->sk_security = NULL; + return 0; + } + + sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority); + if (sock->sk_security == NULL) + return -ENOMEM; + return 0; +} + /** * lsm_early_task - during initialization allocate a composite task blob * @task: the task that needs a blob @@ -2259,12 +2284,21 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram); int security_sk_alloc(struct sock *sk, int family, gfp_t priority) { - return call_int_hook(sk_alloc_security, 0, sk, family, priority); + int rc = lsm_sock_alloc(sk, priority); + + if (unlikely(rc)) + return rc; + rc = call_int_hook(sk_alloc_security, 0, sk, family, priority); + if (unlikely(rc)) + security_sk_free(sk); + return rc; } void security_sk_free(struct sock *sk) { call_void_hook(sk_free_security, sk); + kfree(sk->sk_security); + sk->sk_security = NULL; } void security_sk_clone(const struct sock *sk, struct sock *newsk) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 6517f221d52c..9f050bdefb17 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4646,7 +4646,7 @@ static int socket_sockcreate_sid(const struct task_security_struct *tsec, static int sock_has_perm(struct sock *sk, u32 perms) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; 
@@ -4703,7 +4703,7 @@ static int selinux_socket_post_create(struct socket *sock, int family, isec->initialized = LABEL_INITIALIZED; if (sock->sk) { - sksec = sock->sk->sk_security; + sksec = selinux_sock(sock->sk); sksec->sclass = sclass; sksec->sid = sid; /* Allows detection of the first association on this socket */ @@ -4719,8 +4719,8 @@ static int selinux_socket_post_create(struct socket *sock, int family, static int selinux_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct sk_security_struct *sksec_a = socka->sk->sk_security; - struct sk_security_struct *sksec_b = sockb->sk->sk_security; + struct sk_security_struct *sksec_a = selinux_sock(socka->sk); + struct sk_security_struct *sksec_b = selinux_sock(sockb->sk); sksec_a->peer_sid = sksec_b->sid; sksec_b->peer_sid = sksec_a->sid; @@ -4735,7 +4735,7 @@ static int selinux_socket_socketpair(struct socket *socka, static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family; int err; @@ -4870,7 +4870,7 @@ static int selinux_socket_connect_helper(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; err = sock_has_perm(sk, SOCKET__CONNECT); 
@@ -5049,9 +5049,9 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) { - struct sk_security_struct *sksec_sock = sock->sk_security; - struct sk_security_struct *sksec_other = other->sk_security; - struct sk_security_struct *sksec_new = newsk->sk_security; + struct sk_security_struct *sksec_sock = selinux_sock(sock); + struct sk_security_struct *sksec_other = selinux_sock(other); + struct sk_security_struct *sksec_new = selinux_sock(newsk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; int err; @@ -5083,8 +5083,8 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, static int selinux_socket_unix_may_send(struct socket *sock, struct socket *other) { - struct sk_security_struct *ssec = sock->sk->sk_security; - struct sk_security_struct *osec = other->sk->sk_security; + struct sk_security_struct *ssec = selinux_sock(sock->sk); + struct sk_security_struct *osec = selinux_sock(other->sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -5126,7 +5126,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, u16 family) { int err = 0; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u32 sk_sid = sksec->sid; struct common_audit_data ad; struct lsm_network_audit net = {0,}; @@ -5159,7 +5159,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { int err; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 family = sk->sk_family; u32 sk_sid = sksec->sid; struct common_audit_data ad; 
@@ -5227,13 +5227,15 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; } -static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval, - int __user *optlen, unsigned len) +static int selinux_socket_getpeersec_stream(struct socket *sock, + char __user *optval, + int __user *optlen, + unsigned int len) { int err = 0; char *scontext; u32 scontext_len; - struct sk_security_struct *sksec = sock->sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sock->sk); u32 peer_sid = SECSID_NULL; if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET || @@ -5293,34 +5295,27 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) { - struct sk_security_struct *sksec; - - sksec = kzalloc(sizeof(*sksec), priority); - if (!sksec) - return -ENOMEM; + struct sk_security_struct *sksec = selinux_sock(sk); sksec->peer_sid = SECINITSID_UNLABELED; sksec->sid = SECINITSID_UNLABELED; sksec->sclass = SECCLASS_SOCKET; selinux_netlbl_sk_security_reset(sksec); - sk->sk_security = sksec; return 0; } static void selinux_sk_free_security(struct sock *sk) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); - sk->sk_security = NULL; selinux_netlbl_sk_security_free(sksec); - kfree(sksec); } static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = sksec->sid; newsksec->peer_sid = sksec->peer_sid; 
@@ -5334,7 +5329,7 @@ static void selinux_sk_getsecid(struct sock *sk, u32 *secid) if (!sk) *secid = SECINITSID_ANY_SOCKET; else { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); *secid = sksec->sid; } @@ -5344,7 +5339,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent) { struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(parent)); - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || sk->sk_family == PF_UNIX) @@ -5359,7 +5354,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent) static int selinux_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb) { - struct sk_security_struct *sksec = ep->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(ep->base.sk); struct common_audit_data ad; struct lsm_network_audit net = {0,}; u8 peerlbl_active; @@ -5510,8 +5505,8 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname, static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); /* If policy does not support SECCLASS_SCTP_SOCKET then call * the non-sctp clone version. @@ -5528,7 +5523,7 @@ static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); int err; u16 family = req->rsk_ops->family; u32 connsid; 
@@ -5549,7 +5544,7 @@ static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb, static void selinux_inet_csk_clone(struct sock *newsk, const struct request_sock *req) { - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->sid = req->secid; newsksec->peer_sid = req->peer_secid; @@ -5566,7 +5561,7 @@ static void selinux_inet_csk_clone(struct sock *newsk, static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) { u16 family = sk->sk_family; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* handle mapped IPv4 packets arriving via IPv6 sockets */ if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) @@ -5650,7 +5645,7 @@ static int selinux_tun_dev_attach_queue(void *security) static int selinux_tun_dev_attach(struct sock *sk, void *security) { struct tun_security_struct *tunsec = security; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); /* we don't currently perform any NetLabel based labeling here and it * isn't clear that we would want to do so anyway; while we could apply @@ -5794,7 +5789,7 @@ static unsigned int selinux_ip_output(struct sk_buff *skb, return NF_ACCEPT; /* standard practice, label using the parent socket */ - sksec = sk->sk_security; + sksec = selinux_sock(sk); sid = sksec->sid; } else sid = SECINITSID_KERNEL; @@ -5833,7 +5828,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, if (sk == NULL) return NF_ACCEPT; - sksec = sk->sk_security; + sksec = selinux_sock(sk); ad.type = LSM_AUDIT_DATA_NET; ad.u.net = &net; 
@@ -5925,7 +5920,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, u32 skb_sid; struct sk_security_struct *sksec; - sksec = sk->sk_security; + sksec = selinux_sock(sk); if (selinux_skb_peerlbl_sid(skb, family, &skb_sid)) return NF_DROP; /* At this point, if the returned skb peerlbl is SECSID_NULL @@ -5954,7 +5949,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, } else { /* Locally generated packet, fetch the security label from the * associated socket. */ - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); peer_sid = sksec->sid; secmark_perm = PACKET__SEND; } @@ -6019,7 +6014,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) unsigned int data_len = skb->len; unsigned char *data = skb->data; struct nlmsghdr *nlh; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); u16 sclass = sksec->sclass; u32 perm; @@ -7047,6 +7042,7 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_security_struct), .lbs_ipc = sizeof(struct ipc_security_struct), .lbs_msg_msg = sizeof(struct msg_security_struct), + .lbs_sock = sizeof(struct sk_security_struct), .lbs_superblock = sizeof(struct superblock_security_struct), }; diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 2953132408bf..007d1ae7ee27 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -194,4 +194,9 @@ static inline struct superblock_security_struct *selinux_superblock( return superblock->s_security + selinux_blob_sizes.lbs_superblock; } +static inline struct sk_security_struct *selinux_sock(const struct sock *sock) +{ + return sock->sk_security + selinux_blob_sizes.lbs_sock; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index abaab7683840..6a94b31b5472 100644 
--- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -67,7 +68,7 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb, static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (sksec->nlbl_secattr != NULL) @@ -100,7 +101,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( const struct sock *sk, u32 sid) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr = sksec->nlbl_secattr; if (secattr == NULL) @@ -235,7 +236,7 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, * being labeled by it's parent socket, if it is just exit */ sk = skb_to_full_sk(skb); if (sk != NULL) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB) return 0; @@ -273,7 +274,7 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep, { int rc; struct netlbl_lsm_secattr secattr; - struct sk_security_struct *sksec = ep->base.sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(ep->base.sk); struct sockaddr_in addr4; struct sockaddr_in6 addr6; @@ -352,7 +353,7 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family) */ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (family == PF_INET) sksec->nlbl_state = NLBL_LABELED; 
@@ -370,8 +371,8 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) */ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) { - struct sk_security_struct *sksec = sk->sk_security; - struct sk_security_struct *newsksec = newsk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); + struct sk_security_struct *newsksec = selinux_sock(newsk); newsksec->nlbl_state = sksec->nlbl_state; } @@ -389,7 +390,7 @@ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; if (family != PF_INET && family != PF_INET6) @@ -504,7 +505,7 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock, { int rc = 0; struct sock *sk = sock->sk; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr secattr; if (selinux_netlbl_option(level, optname) && @@ -542,7 +543,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, struct sockaddr *addr) { int rc; - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); struct netlbl_lsm_secattr *secattr; /* connected sockets are allowed to disconnect when the address family @@ -581,7 +582,7 @@ static int selinux_netlbl_socket_connect_helper(struct sock *sk, int selinux_netlbl_socket_connect_locked(struct sock *sk, struct sockaddr *addr) { - struct sk_security_struct *sksec = sk->sk_security; + struct sk_security_struct *sksec = selinux_sock(sk); if (sksec->nlbl_state != NLBL_REQSKB && sksec->nlbl_state != NLBL_CONNLABELED) diff --git a/security/smack/smack.h b/security/smack/smack.h index 99c3422596ab..66b813e15196 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h 
@@ -363,6 +363,11 @@ static inline struct superblock_smack *smack_superblock( return superblock->s_security + smack_blob_sizes.lbs_superblock; } +static inline struct socket_smack *smack_sock(const struct sock *sock) +{ + return sock->sk_security + smack_blob_sizes.lbs_sock; +} + /* * Is the directory transmuting? */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index cacbe7518519..f9c6940e6991 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1429,7 +1429,7 @@ static int smack_inode_getsecurity(struct user_namespace *mnt_userns, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) isp = ssp->smk_in; @@ -1811,7 +1811,7 @@ static int smack_file_receive(struct file *file) if (inode->i_sb->s_magic == SOCKFS_MAGIC) { sock = SOCKET_I(inode); - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the @@ -2232,11 +2232,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) { struct smack_known *skp = smk_of_current(); - struct socket_smack *ssp; - - ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); - if (ssp == NULL) - return -ENOMEM; + struct socket_smack *ssp = smack_sock(sk); /* * Sockets created by kernel threads receive web label. @@ -2250,11 +2246,10 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) } ssp->smk_packet = NULL; - sk->sk_security = ssp; - return 0; } +#ifdef SMACK_IPV6_PORT_LABELING /** * smack_sk_free_security - Free a socket blob * @sk: the socket 
@@ -2263,7 +2258,6 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) */ static void smack_sk_free_security(struct sock *sk) { -#ifdef SMACK_IPV6_PORT_LABELING struct smk_port_label *spp; if (sk->sk_family == PF_INET6) { @@ -2276,9 +2270,8 @@ static void smack_sk_free_security(struct sock *sk) } rcu_read_unlock(); } -#endif - kfree(sk->sk_security); } +#endif /** * smack_ipv4host_label - check host based restrictions @@ -2391,7 +2384,7 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) */ static int smack_netlbl_add(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = ssp->smk_out; int rc; @@ -2423,7 +2416,7 @@ static int smack_netlbl_add(struct sock *sk) */ static void smack_netlbl_delete(struct sock *sk) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); /* * Take the label off the socket if one is set. @@ -2455,7 +2448,7 @@ static int smk_ipv4_check(struct sock *sk, struct sockaddr_in *sap) struct smack_known *skp; int rc = 0; struct smack_known *hkp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smk_audit_info ad; rcu_read_lock(); @@ -2528,7 +2521,7 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) { struct sock *sk = sock->sk; struct sockaddr_in6 *addr6; - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smk_port_label *spp; unsigned short port = 0; @@ -2617,7 +2610,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, int act) { struct smk_port_label *spp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; unsigned short port; struct smack_known *object; 
@@ -2710,7 +2703,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, if (sock == NULL || sock->sk == NULL) return -EOPNOTSUPP; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (strcmp(name, XATTR_SMACK_IPIN) == 0) ssp->smk_in = skp; @@ -2758,7 +2751,7 @@ static int smack_socket_post_create(struct socket *sock, int family, * Sockets created by kernel threads receive web label. */ if (unlikely(current->flags & PF_KTHREAD)) { - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); ssp->smk_in = &smack_known_web; ssp->smk_out = &smack_known_web; } @@ -2783,8 +2776,8 @@ static int smack_socket_post_create(struct socket *sock, int family, static int smack_socket_socketpair(struct socket *socka, struct socket *sockb) { - struct socket_smack *asp = socka->sk->sk_security; - struct socket_smack *bsp = sockb->sk->sk_security; + struct socket_smack *asp = smack_sock(socka->sk); + struct socket_smack *bsp = smack_sock(sockb->sk); asp->smk_packet = bsp->smk_out; bsp->smk_packet = asp->smk_out; @@ -2847,7 +2840,7 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, if (__is_defined(SMACK_IPV6_SECMARK_LABELING)) rsp = smack_ipv6host_label(sip); if (rsp != NULL) { - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); rc = smk_ipv6_check(ssp->smk_out, rsp, sip, SMK_CONNECTING); @@ -3575,9 +3568,9 @@ static int smack_unix_stream_connect(struct sock *sock, { struct smack_known *skp; struct smack_known *okp; - struct socket_smack *ssp = sock->sk_security; - struct socket_smack *osp = other->sk_security; - struct socket_smack *nsp = newsk->sk_security; + struct socket_smack *ssp = smack_sock(sock); + struct socket_smack *osp = smack_sock(other); + struct socket_smack *nsp = smack_sock(newsk); struct smk_audit_info ad; int rc = 0; #ifdef CONFIG_AUDIT 
@@ -3623,8 +3616,8 @@ static int smack_unix_stream_connect(struct sock *sock, */ static int smack_unix_may_send(struct socket *sock, struct socket *other) { - struct socket_smack *ssp = sock->sk->sk_security; - struct socket_smack *osp = other->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); + struct socket_smack *osp = smack_sock(other->sk); struct smk_audit_info ad; int rc; @@ -3661,7 +3654,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; #endif #ifdef SMACK_IPV6_SECMARK_LABELING - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp = smack_sock(sock->sk); struct smack_known *rsp; #endif int rc = 0; @@ -3873,7 +3866,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, netlbl_secattr_init(&secattr); if (sk) - ssp = sk->sk_security; + ssp = smack_sock(sk); if (netlbl_skbuff_getattr(skb, family, &secattr) == 0) { skp = smack_from_secattr(&secattr, ssp); @@ -3895,7 +3888,7 @@ static struct smack_known *smack_from_netlbl(const struct sock *sk, u16 family, */ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp = NULL; int rc = 0; struct smk_audit_info ad; @@ -3999,7 +3992,7 @@ static int smack_socket_getpeersec_stream(struct socket *sock, int slen = 1; int rc = 0; - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); if (ssp->smk_packet != NULL) { rcp = ssp->smk_packet->smk_known; slen = strlen(rcp) + 1; @@ -4048,7 +4041,7 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, switch (family) { case PF_UNIX: - ssp = sock->sk->sk_security; + ssp = smack_sock(sock->sk); s = ssp->smk_out->smk_secid; break; case PF_INET: 
@@ -4097,7 +4090,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) return; - ssp = sk->sk_security; + ssp = smack_sock(sk); ssp->smk_in = skp; ssp->smk_out = skp; /* cssp->smk_packet is already set in smack_inet_csk_clone() */ @@ -4117,7 +4110,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, { u16 family = sk->sk_family; struct smack_known *skp; - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct sockaddr_in addr; struct iphdr *hdr; struct smack_known *hskp; @@ -4203,7 +4196,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb, static void smack_inet_csk_clone(struct sock *sk, const struct request_sock *req) { - struct socket_smack *ssp = sk->sk_security; + struct socket_smack *ssp = smack_sock(sk); struct smack_known *skp; if (req->peer_secid != 0) { @@ -4697,6 +4690,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_inode = sizeof(struct inode_smack), .lbs_ipc = sizeof(struct smack_known *), .lbs_msg_msg = sizeof(struct smack_known *), + .lbs_sock = sizeof(struct socket_smack), .lbs_superblock = sizeof(struct superblock_smack), }; @@ -4807,7 +4801,9 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), +#ifdef SMACK_IPV6_PORT_LABELING LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), +#endif LSM_HOOK_INIT(sock_graft, smack_sock_graft), LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index fc7399b45373..2648856c47e9 100644 --- a/security/smack/smack_netfilter.c 
+++ b/security/smack/smack_netfilter.c @@ -28,8 +28,8 @@ static unsigned int smack_ipv6_output(void *priv, struct socket_smack *ssp; struct smack_known *skp; - if (sk && sk->sk_security) { - ssp = sk->sk_security; + if (sk) { + ssp = smack_sock(sk); skp = ssp->smk_out; skb->secmark = skp->smk_secid; } 
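Review bot: the kernel-doc header `* smack_sk_free_security - Free a socket blob` at the end of the smack_sk_alloc_security hunk is now wrong: with `-	kfree(sk->sk_security);` gone, the function only drops IPv6 port labels and the blob itself is owned by the LSM infrastructure. Reword it to say that it releases the socket's port labels and that it exists only under SMACK_IPV6_PORT_LABELING, which is also why the LSM_HOOK_INIT(sk_free_security, ...) registration is wrapped in the same #ifdef.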
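Review bot: dropping the `sk->sk_security` test in smack_ipv6_output changes the failure mode rather than merely removing a redundant check: `smack_sock()` returns `sock->sk_security + smack_blob_sizes.lbs_sock`, so a sock without a blob no longer yields NULL but a small bogus pointer that is then dereferenced for `ssp->smk_out`. The change is correct only under the invariant that the infrastructure allocates a sock blob for every struct sock that reaches this hook (the same applies to the smack_ipv4_output hunk that follows); a one-line comment stating that invariant next to `+	if (sk) {` would make the dependency visible to the next reader.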
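Review bot: smack_sk_alloc_security can no longer fail (the kzalloc/-ENOMEM path is gone) but still assigns only smk_in, smk_out and smk_packet; anything else in struct socket_smack now depends on the infrastructure zero-filling the blob, which the removed kzalloc used to guarantee locally. A comment at `+	struct socket_smack *ssp = smack_sock(sk);` noting that the blob is pre-allocated and zeroed by the LSM infrastructure would document that, and the function's kernel-doc should say it now always returns 0.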
@@ -46,8 +46,8 @@ static unsigned int smack_ipv4_output(void *priv, struct socket_smack *ssp; struct smack_known *skp; - if (sk && sk->sk_security) { - ssp = sk->sk_security; + if (sk) { + ssp = smack_sock(sk); skp = ssp->smk_out; skb->secmark = skp->smk_secid; }
From patchwork Fri Sep 24 17:54:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516361
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , bpf@vger.kernel.org Subject: [PATCH v29 02/28] LSM: Add the lsmblob data structure. Date: Fri, 24 Sep 2021 10:54:15 -0700 Message-Id: <20210924175441.7943-3-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: When more than one security module is exporting data to audit and networking sub-systems a single 32 bit integer is no longer sufficient to represent the data. Add a structure to be used instead. The lsmblob structure is currently an array of u32 "secids". There is an entry for each of the security modules built into the system that would use secids if active. The system assigns the module a "slot" when it registers hooks. If modules are compiled in but not registered there will be unused slots. A new lsm_id structure, which contains the name of the LSM and its slot number, is created. There is an instance for each LSM, which assigns the name and passes it to the infrastructure to set the slot. The audit rules data is expanded to use an array of security module data rather than a single instance. Because IMA uses the audit rule functions it is affected as well. Acked-by: Stephen Smalley Acked-by: Paul Moore Acked-by: John Johansen 
Signed-off-by: Casey Schaufler Cc: Cc: linux-audit@redhat.com Cc: linux-security-module@vger.kernel.org Cc: selinux@vger.kernel.org To: Mimi Zohar To: Mickaël Salaün --- include/linux/audit.h | 4 +- include/linux/lsm_hooks.h | 12 ++++- include/linux/security.h | 67 ++++++++++++++++++++++++-- kernel/auditfilter.c | 24 +++++----- kernel/auditsc.c | 13 +++-- security/apparmor/lsm.c | 7 ++- security/bpf/hooks.c | 12 ++++- security/commoncap.c | 7 ++- security/integrity/ima/ima_policy.c | 40 +++++++++++----- security/landlock/cred.c | 2 +- security/landlock/fs.c | 2 +- security/landlock/ptrace.c | 2 +- security/landlock/setup.c | 5 ++ security/landlock/setup.h | 1 + security/loadpin/loadpin.c | 8 +++- security/lockdown/lockdown.c | 7 ++- security/safesetid/lsm.c | 8 +++- security/security.c | 74 ++++++++++++++++++++++++----- security/selinux/hooks.c | 8 +++- security/smack/smack_lsm.c | 7 ++- security/tomoyo/tomoyo.c | 8 +++- security/yama/yama_lsm.c | 7 ++- 22 files changed, 265 insertions(+), 60 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 82b7c1116a85..418a485af114 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -11,6 +11,7 @@ #include #include +#include #include #include @@ -65,8 +66,9 @@ struct audit_field { kuid_t uid; kgid_t gid; struct { + bool lsm_isset; char *lsm_str; - void *lsm_rule; + void *lsm_rules[LSMBLOB_ENTRIES]; }; }; u32 op; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index afd3b16875b0..c61a16f0a5bc 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1570,6 +1570,14 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/* + * Information that identifies a security module. + */ +struct lsm_id { + const char *lsm; /* Name of the LSM */ + int slot; /* Slot in lsmblob if one is allocated */ +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. 
@@ -1578,7 +1586,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - char *lsm; + struct lsm_id *lsmid; } __randomize_layout; /* @@ -1614,7 +1622,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm); + struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) diff --git a/include/linux/security.h b/include/linux/security.h index 5b7288521300..1b05094468b7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -134,6 +134,65 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * Data exported by the security modules + * + * Any LSM that provides secid or secctx based hooks must be included. + */ +#define LSMBLOB_ENTRIES ( \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0)) + +struct lsmblob { + u32 secid[LSMBLOB_ENTRIES]; +}; + +#define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ +#define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ +#define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ + +/** + * lsmblob_init - initialize an lsmblob structure + * @blob: Pointer to the data to initialize + * @secid: The initial secid value + * + * Set all secid for all modules to the specified value. + */ +static inline void lsmblob_init(struct lsmblob *blob, u32 secid) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + blob->secid[i] = secid; +} + +/** + * lsmblob_is_set - report if there is an value in the lsmblob + * @blob: Pointer to the exported LSM data + * + * Returns true if there is a secid set, false otherwise + */ +static inline bool lsmblob_is_set(struct lsmblob *blob) +{ + struct lsmblob empty = {}; + + return !!memcmp(blob, &empty, sizeof(*blob)); +} + +/** + * lsmblob_equal - report if the two lsmblob's are equal + * @bloba: Pointer to one LSM data + * @blobb: Pointer to the other LSM data + * + * Returns true if all entries in the two are equal, false otherwise + */ +static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) +{ + return !memcmp(bloba, blobb, sizeof(*bloba)); +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); 
@@ -1882,8 +1941,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_SECURITY int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); -void security_audit_rule_free(void *lsmrule); +int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule); +void security_audit_rule_free(void **lsmrule); #else @@ -1899,12 +1958,12 @@ static inline int security_audit_rule_known(struct audit_krule *krule) } static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) + void **lsmrule) { return 0; } -static inline void security_audit_rule_free(void *lsmrule) +static inline void security_audit_rule_free(void **lsmrule) { } #endif /* CONFIG_SECURITY */ diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index db2c6b59dfc3..a2340e81cfa7 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -74,7 +74,7 @@ static void audit_free_lsm_field(struct audit_field *f) case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: kfree(f->lsm_str); - security_audit_rule_free(f->lsm_rule); + security_audit_rule_free(f->lsm_rules); } } @@ -519,9 +519,10 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, goto exit_free; } entry->rule.buflen += f_val; + f->lsm_isset = true; f->lsm_str = str; err = security_audit_rule_init(f->type, f->op, str, - (void **)&f->lsm_rule); + f->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (err == -EINVAL) { 
@@ -774,7 +775,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) return 0; } -/* Duplicate LSM field information. The lsm_rule is opaque, so must be +/* Duplicate LSM field information. The lsm_rules is opaque, so must be * re-initialized. */ static inline int audit_dupe_lsm_field(struct audit_field *df, struct audit_field *sf) @@ -788,9 +789,9 @@ static inline int audit_dupe_lsm_field(struct audit_field *df, return -ENOMEM; df->lsm_str = lsm_str; - /* our own (refreshed) copy of lsm_rule */ + /* our own (refreshed) copy of lsm_rules */ ret = security_audit_rule_init(df->type, df->op, df->lsm_str, - (void **)&df->lsm_rule); + df->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (ret == -EINVAL) { @@ -842,7 +843,7 @@ struct audit_entry *audit_dupe_rule(struct audit_krule *old) new->tree = old->tree; memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount); - /* deep copy this information, updating the lsm_rule fields, because + /* deep copy this information, updating the lsm_rules fields, because * the originals will all be freed when the old rule is freed. */ for (i = 0; i < fcount; i++) { switch (new->fields[i].type) { @@ -1358,11 +1359,12 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: - if (f->lsm_rule) { + if (f->lsm_isset) { security_task_getsecid_subj(current, &sid); result = security_audit_rule_match(sid, - f->type, f->op, f->lsm_rule); + f->type, f->op, + f->lsm_rules); } break; case AUDIT_EXE: @@ -1389,7 +1391,7 @@ int audit_filter(int msgtype, unsigned int listtype) return ret; } -static int update_lsm_rule(struct audit_krule *r) +static int update_lsm_rules(struct audit_krule *r) { struct audit_entry *entry = container_of(r, struct audit_entry, rule); struct audit_entry *nentry; 
@@ -1421,7 +1423,7 @@ static int update_lsm_rule(struct audit_krule *r) return err; } -/* This function will re-initialize the lsm_rule field of all applicable rules. +/* This function will re-initialize the lsm_rules field of all applicable rules. * It will traverse the filter lists serarching for rules that contain LSM * specific filter fields. When such a rule is found, it is copied, the * LSM field is re-initialized, and the old rule is replaced with the @@ -1436,7 +1438,7 @@ int audit_update_lsm_rules(void) for (i = 0; i < AUDIT_NR_FILTERS; i++) { list_for_each_entry_safe(r, n, &audit_rules_list[i], list) { - int res = update_lsm_rule(r); + int res = update_lsm_rules(r); if (!err) err = res; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 8dd73a64f921..acbd896f54a5 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -671,14 +671,13 @@ static int audit_filter_rules(struct task_struct *tsk, match for now to avoid losing information that may be wanted. An error message will also be logged upon error */ - if (f->lsm_rule) { + if (f->lsm_isset) { if (need_sid) { security_task_getsecid_subj(tsk, &sid); need_sid = 0; } result = security_audit_rule_match(sid, f->type, - f->op, - f->lsm_rule); + f->op, f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -688,21 +687,21 @@ static int audit_filter_rules(struct task_struct *tsk, case AUDIT_OBJ_LEV_HIGH: /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR also applies here */ - if (f->lsm_rule) { + if (f->lsm_isset) { /* Find files that match */ if (name) { result = security_audit_rule_match( name->osid, f->type, f->op, - f->lsm_rule); + f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { if (security_audit_rule_match( n->osid, f->type, f->op, - f->lsm_rule)) { + f->lsm_rules)) { ++result; break; } 
@@ -713,7 +712,7 @@ static int audit_filter_rules(struct task_struct *tsk, break; if (security_audit_rule_match(ctx->ipc.osid, f->type, f->op, - f->lsm_rule)) + f->lsm_rules)) ++result; } break; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 4113516fb62e..392e25940d1f 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1161,6 +1161,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_sock = sizeof(struct aa_sk_ctx), }; +static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { + .lsm = "apparmor", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1862,7 +1867,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index e5971fa74fd7..7a58fe9ab8c4 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -15,9 +15,19 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; +/* + * slot has to be LSMBLOB_NEEDED because some of the hooks + * supplied by this module require a slot. + */ +struct lsm_id bpf_lsmid __lsm_ro_after_init = { + .lsm = "bpf", + .slot = LSMBLOB_NEEDED +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index 3f810d37b71b..628685cf20e3 100644 --- a/security/commoncap.c +++ b/security/commoncap.c 
@@ -1443,6 +1443,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +static struct lsm_id capability_lsmid __lsm_ro_after_init = { + .lsm = "capability", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1467,7 +1472,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 87b9b71cb820..cbe6f1244e31 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -84,7 +84,7 @@ struct ima_rule_entry { int pcr; unsigned int allowed_algos; /* bitfield of allowed hash algorithms */ struct { - void *rule; /* LSM file metadata specific */ + void *rules[LSMBLOB_ENTRIES]; /* LSM file metadata specific */ char *args_p; /* audit value */ int type; /* audit type */ } lsm[MAX_LSM_RULES]; @@ -94,6 +94,22 @@ struct ima_rule_entry { struct ima_template_desc *template; }; +/** + * ima_lsm_isset - Is a rule set for any of the active security modules + * @rules: The set of IMA rules to check + * + * If a rule is set for any LSM return true, otherwise return false. + */ +static inline bool ima_lsm_isset(void *rules[]) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + if (rules[i]) + return true; + return false; +} + /* * sanity check in case the kernels gains more hash algorithms that can * fit in an unsigned int 
@@ -347,9 +363,11 @@ static void ima_free_rule_opt_list(struct ima_rule_opt_list *opt_list) static void ima_lsm_free_rule(struct ima_rule_entry *entry) { int i; + int r; for (i = 0; i < MAX_LSM_RULES; i++) { - ima_filter_rule_free(entry->lsm[i].rule); + for (r = 0; r < LSMBLOB_ENTRIES; r++) + ima_filter_rule_free(entry->lsm[i].rules[r]); kfree(entry->lsm[i].args_p); } } @@ -400,8 +418,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) ima_filter_rule_init(nentry->lsm[i].type, Audit_equal, nentry->lsm[i].args_p, - &nentry->lsm[i].rule); - if (!nentry->lsm[i].rule) + &nentry->lsm[i].rules[0]); + if (!ima_lsm_isset(nentry->lsm[i].rules)) pr_warn("rule for LSM \'%s\' is undefined\n", nentry->lsm[i].args_p); } @@ -590,7 +608,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, int rc = 0; u32 osid; - if (!rule->lsm[i].rule) { + if (!ima_lsm_isset(rule->lsm[i].rules)) { if (!rule->lsm[i].args_p) continue; else @@ -603,14 +621,14 @@ static bool ima_match_rules(struct ima_rule_entry *rule, security_inode_getsecid(inode, &osid); rc = ima_filter_rule_match(osid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rules); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: rc = ima_filter_rule_match(secid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rule); + rule->lsm[i].rules); break; default: break; @@ -1046,7 +1064,7 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, { int result; - if (entry->lsm[lsm_rule].rule) + if (ima_lsm_isset(entry->lsm[lsm_rule].rules)) return -EINVAL; entry->lsm[lsm_rule].args_p = match_strdup(args); 
@@ -1056,8 +1074,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, entry->lsm[lsm_rule].type = audit_type; result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, entry->lsm[lsm_rule].args_p, - &entry->lsm[lsm_rule].rule); - if (!entry->lsm[lsm_rule].rule) { + &entry->lsm[lsm_rule].rules[0]); + if (!ima_lsm_isset(entry->lsm[lsm_rule].rules)) { pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); @@ -1954,7 +1972,7 @@ int ima_policy_show(struct seq_file *m, void *v) } for (i = 0; i < MAX_LSM_RULES; i++) { - if (entry->lsm[i].rule) { + if (ima_lsm_isset(entry->lsm[i].rules)) { switch (i) { case LSM_OBJ_USER: seq_printf(m, pt(Opt_obj_user), diff --git a/security/landlock/cred.c b/security/landlock/cred.c index 6725af24c684..56b121d65436 100644 --- a/security/landlock/cred.c +++ b/security/landlock/cred.c @@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_cred_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 97b8e421f617..319e90e9290c 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -688,5 +688,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_fs_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c index f55b82446de2..54ccf55a077a 100644 --- a/security/landlock/ptrace.c +++ b/security/landlock/ptrace.c @@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_ptrace_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } 
diff --git a/security/landlock/setup.c b/security/landlock/setup.c index f8e8e980454c..759e00b9436c 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -23,6 +23,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; +struct lsm_id landlock_lsmid __lsm_ro_after_init = { + .lsm = LANDLOCK_NAME, + .slot = LSMBLOB_NOT_NEEDED, +}; + static int __init landlock_init(void) { landlock_add_cred_hooks(); diff --git a/security/landlock/setup.h b/security/landlock/setup.h index 1daffab1ab4b..38bce5b172dc 100644 --- a/security/landlock/setup.h +++ b/security/landlock/setup.h @@ -14,5 +14,6 @@ extern bool landlock_initialized; extern struct lsm_blob_sizes landlock_blob_sizes; +extern struct lsm_id landlock_lsmid; #endif /* _SECURITY_LANDLOCK_SETUP_H */ diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index b12f7d986b1e..b569f3bc170b 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -192,6 +192,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_read_file(NULL, (enum kernel_read_file_id) id, contents); } +static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { + .lsm = "loadpin", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -239,7 +244,8 @@ static int __init loadpin_init(void) pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); parse_exclude(); - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 87cbdc64d272..4e24ea3f7b7e 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c 
@@ -75,6 +75,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { + .lsm = "lockdown", + .slot = LSMBLOB_NOT_NEEDED +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +88,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index 963f4ad9cb66..0c368950dc14 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -241,6 +241,11 @@ static int safesetid_task_fix_setgid(struct cred *new, return -EACCES; } +static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { + .lsm = "safesetid", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -250,7 +255,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; diff --git a/security/security.c b/security/security.c index 26df1ff0b529..b4af710fbb90 100644 --- a/security/security.c +++ b/security/security.c 
@@ -345,6 +345,7 @@ static void __init ordered_lsm_init(void) init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); + init_debug("lsmblob size = %zu\n", sizeof(struct lsmblob)); /* * Create any kmem_caches needed for blobs @@ -472,21 +473,38 @@ static int lsm_append(const char *new, char **result) return 0; } +/* + * Current index to use while initializing the lsmblob secid list. + */ +static int lsm_slot __lsm_ro_after_init; + /** * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. + * If the LSM is using hooks that export secids allocate a slot + * for it in the lsmblob. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm) + struct lsm_id *lsmid) { int i; + WARN_ON(!lsmid->slot || !lsmid->lsm); + + if (lsmid->slot == LSMBLOB_NEEDED) { + if (lsm_slot >= LSMBLOB_ENTRIES) + panic("%s Too many LSMs registered.\n", __func__); + lsmid->slot = lsm_slot++; + init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, + lsmid->slot); + } + for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } @@ -495,7 +513,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } 
@@ -2071,7 +2089,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.getprocattr(p, name, value); } @@ -2084,7 +2102,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.setprocattr(name, value, size); } @@ -2577,7 +2595,24 @@ int security_key_getsecurity(struct key *key, char **_buffer) int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + struct security_hook_list *hp; + bool one_is_good = false; + int rc = 0; + int trc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + trc = hp->hook.audit_rule_init(field, op, rulestr, + &lsmrule[hp->lsmid->slot]); + if (trc == 0) + one_is_good = true; + else + rc = trc; + } + if (one_is_good) + return 0; + return rc; } int security_audit_rule_known(struct audit_krule *krule) 
@@ -2585,14 +2620,31 @@ int security_audit_rule_known(struct audit_krule *krule) return call_int_hook(audit_rule_known, 0, krule); } -void security_audit_rule_free(void *lsmrule) +void security_audit_rule_free(void **lsmrule) { - call_void_hook(audit_rule_free, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]); + } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.audit_rule_match(secid, field, op, + &lsmrule[hp->lsmid->slot]); + if (rc) + return rc; + } + return 0; } #endif /* CONFIG_AUDIT */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9f050bdefb17..824a0df03aca 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7107,6 +7107,11 @@ static int selinux_perf_event_write(struct perf_event *event) } #endif +static struct lsm_id selinux_lsmid __lsm_ro_after_init = { + .lsm = "selinux", + .slot = LSMBLOB_NEEDED +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7420,7 +7425,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); 
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index f9c6940e6991..9474fcdaf002 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4694,6 +4694,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; +static struct lsm_id smack_lsmid __lsm_ro_after_init = { + .lsm = "smack", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -4893,7 +4898,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index b6a31901f289..e8f6bb9782c1 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -521,6 +521,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { + .lsm = "tomoyo", + .slot = LSMBLOB_NOT_NEEDED +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -573,7 +578,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 06e226166aab..a9639ea541f7 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c 
@@ -421,6 +421,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +static struct lsm_id yama_lsmid __lsm_ro_after_init = { + .lsm = "yama", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list yama_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), 
@@ -477,7 +482,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; } From patchwork Fri Sep 24 17:54:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516363
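Review bot: in the security_add_hooks hunk of security/security.c, `WARN_ON(!lsmid->slot || !lsmid->lsm)` relies on LSMBLOB_NEEDED and LSMBLOB_NOT_NEEDED both being non-zero so that a zero slot means an uninitialised struct lsm_id; a one-line comment saying so would help, because a few lines later 0 becomes a perfectly valid assigned slot and the check reads as if it rejected it. The WARN also does not stop registration: with a NULL `lsmid->lsm` the later `lsm_append(lsmid->lsm, &lsm_names)` and the `strcmp(lsm, hp->lsmid->lsm)` in security_getprocattr() will dereference it, so returning early (or panicking, as the too-many-LSMs case does) would be more consistent.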
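Review bot: in the security_audit_rule_init hunk the partial-failure case loses information: when one module's audit_rule_init succeeds and another's fails, `one_is_good` makes the function return 0, the caller never learns which slots of `lsmrule[]` were populated, and the failing module's error is discarded. Either report the failure (a pr_warn naming `hp->lsmid->lsm`) or document that a zero return means "at least one module accepted the rule". The kerneldoc should also state that `lsmrule` now points to an array of LSMBLOB_ENTRIES entries indexed by slot: the `void **lsmrule` signature is unchanged, and `&lsmrule[hp->lsmid->slot]` writes past a caller that still passes the address of a single pointer.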
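Review bot: security_audit_rule_match() now returns the first non-zero value from any module, which conflates a positive match (1) with a negative error code: a module in a lower slot returning an error hides a match from a module in a higher slot, and the caller cannot tell the two cases apart. Consider handling negative results the way security_audit_rule_init() does (remember the error, keep iterating) and return a match only when a module actually reports one; the kerneldoc should then spell out which of match, no-match and error wins.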
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v29 03/28] LSM: provide lsm name and id slot mappings Date: Fri, 24 Sep 2021 10:54:16 -0700 Message-Id: <20210924175441.7943-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Provide interfaces to map LSM slot numbers and LSM names. Update the LSM registration code to save this information. Acked-by: Paul Moore Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler --- include/linux/security.h | 4 ++++ security/security.c | 45 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index 1b05094468b7..b10b10afd04f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -193,6 +193,10 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) return !memcmp(bloba, blobb, sizeof(*bloba)); } +/* Map lsm names to blob slot numbers */ +extern int lsm_name_to_slot(char *name); +extern const char *lsm_slot_to_name(int slot); + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); diff --git a/security/security.c b/security/security.c index b4af710fbb90..8ca554e1dbeb 100644 --- a/security/security.c +++ b/security/security.c 
@@ -477,6 +477,50 @@ static int lsm_append(const char *new, char **result) * Current index to use while initializing the lsmblob secid list. */ static int lsm_slot __lsm_ro_after_init; +static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init; + +/** + * lsm_name_to_slot - Report the slot number for a security module + * @name: name of the security module + * + * Look up the slot number for the named security module. + * Returns the slot number or LSMBLOB_INVALID if @name is not + * a registered security module name. + */ +int lsm_name_to_slot(char *name) +{ + int i; + + for (i = 0; i < lsm_slot; i++) + if (strcmp(lsm_slotlist[i]->lsm, name) == 0) + return i; + + return LSMBLOB_INVALID; +} + +/** + * lsm_slot_to_name - Get the name of the security module in a slot + * @slot: index into the interface LSM slot list. + * + * Provide the name of the security module associated with + * a interface LSM slot. + * + * If @slot is LSMBLOB_INVALID return the value + * for slot 0 if it has been set, otherwise NULL. + * + * Returns a pointer to the name string or NULL. + */ +const char *lsm_slot_to_name(int slot) +{ + if (slot == LSMBLOB_INVALID) + slot = 0; + else if (slot >= LSMBLOB_ENTRIES || slot < 0) + return NULL; + + if (lsm_slotlist[slot] == NULL) + return NULL; + return lsm_slotlist[slot]->lsm; +} /** * security_add_hooks - Add a modules hooks to the hook lists. 
@@ -498,6 +542,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, if (lsmid->slot == LSMBLOB_NEEDED) { if (lsm_slot >= LSMBLOB_ENTRIES) panic("%s Too many LSMs registered.\n", __func__); + lsm_slotlist[lsm_slot] = lsmid; lsmid->slot = lsm_slot++; init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, lsmid->slot); From patchwork Fri Sep 24 17:54:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516387
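Review bot: in the lsm_name_to_slot/lsm_slot_to_name hunk, `lsm_name_to_slot(char *name)` only passes `name` to strcmp(), so the parameter should be `const char *name` (and likewise the prototype added to include/linux/security.h); as written, callers holding a const string need a cast. The LSMBLOB_INVALID-to-slot-0 fallback in lsm_slot_to_name() means a caller cannot distinguish "invalid slot" from "slot 0", which is easy to misuse; at minimum the comment should say why that behaviour is wanted rather than returning NULL. Typo in the kerneldoc: "a interface LSM slot" should read "an interface LSM slot".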
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v29 04/28] IMA: avoid label collisions with stacked LSMs Date: Fri, 24 Sep 2021 10:54:17 -0700 Message-Id: <20210924175441.7943-5-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Integrity measurement may filter on security module information and needs to be clear in the case of multiple active security modules which applies. Provide a boot option ima_rules_lsm= to allow the user to specify an active security module to apply filters to. If not specified, use the first registered module that supports the audit_rule_match() LSM hook. Allow the user to specify in the IMA policy an lsm= option to specify the security module to use for a particular rule. Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler To: Mimi Zohar To: linux-integrity@vger.kernel.org --- Documentation/ABI/testing/ima_policy | 8 ++- security/integrity/ima/ima_policy.c | 79 ++++++++++++++++++++-------- 2 files changed, 64 insertions(+), 23 deletions(-) diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index 5c2798534950..fb2b66b3c1e7 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy
@@ -25,7 +25,7 @@ Description: base: [[func=] [mask=] [fsmagic=] [fsuuid=] [uid=] [euid=] [fowner=] [fsname=]] lsm: [[subj_user=] [subj_role=] [subj_type=] - [obj_user=] [obj_role=] [obj_type=]] + [obj_user=] [obj_role=] [obj_type=] [lsm=]] option: [[appraise_type=]] [template=] [permit_directio] [appraise_flag=] [appraise_algos=] [keyrings=] base: @@ -122,6 +122,12 @@ Description: measure subj_user=_ func=FILE_CHECK mask=MAY_READ + It is possible to explicitly specify which security + module a rule applies to using lsm=. If the security + modules specified is not active on the system the rule + will be rejected. If lsm= is not specified the first + security module registered on the system will be assumed. + Example of measure rules using alternate PCRs:: measure func=KEXEC_KERNEL_CHECK pcr=4 diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index cbe6f1244e31..af278e225f9e 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -82,9 +82,10 @@ struct ima_rule_entry { bool (*uid_op)(kuid_t, kuid_t); /* Handlers for operators */ bool (*fowner_op)(kuid_t, kuid_t); /* uid_eq(), uid_gt(), uid_lt() */ int pcr; + int which_lsm; /* which of the rules to use */ unsigned int allowed_algos; /* bitfield of allowed hash algorithms */ struct { - void *rules[LSMBLOB_ENTRIES]; /* LSM file metadata specific */ + void *rule; /* LSM file metadata specific */ char *args_p; /* audit value */ int type; /* audit type */ } lsm[MAX_LSM_RULES]; 
@@ -96,17 +97,17 @@ struct ima_rule_entry { /** * ima_lsm_isset - Is a rule set for any of the active security modules - * @rules: The set of IMA rules to check + * @entry: the rule entry to examine + * @lsm_rule: the specific rule type in question * - * If a rule is set for any LSM return true, otherwise return false. + * If a rule is set return true, otherwise return false. */ -static inline bool ima_lsm_isset(void *rules[]) +static inline bool ima_lsm_isset(struct ima_rule_entry *entry, int lsm_rule) { - int i; - - for (i = 0; i < LSMBLOB_ENTRIES; i++) - if (rules[i]) - return true; + if (lsm_rule < 0 || lsm_rule > MAX_LSM_RULES) + return false; + if (entry->lsm[lsm_rule].rule) + return true; return false; } @@ -294,6 +295,20 @@ static int __init default_appraise_policy_setup(char *str) } __setup("ima_appraise_tcb", default_appraise_policy_setup); +static int ima_rules_lsm __ro_after_init; + +static int __init ima_rules_lsm_init(char *str) +{ + ima_rules_lsm = lsm_name_to_slot(str); + if (ima_rules_lsm < 0) { + ima_rules_lsm = 0; + pr_err("rule lsm \"%s\" not registered", str); + } + + return 1; +} +__setup("ima_rules_lsm=", ima_rules_lsm_init); + static struct ima_rule_opt_list *ima_alloc_rule_opt_list(const substring_t *src) { struct ima_rule_opt_list *opt_list; @@ -363,11 +378,10 @@ static void ima_free_rule_opt_list(struct ima_rule_opt_list *opt_list) static void ima_lsm_free_rule(struct ima_rule_entry *entry) { int i; - int r; for (i = 0; i < MAX_LSM_RULES; i++) { - for (r = 0; r < LSMBLOB_ENTRIES; r++) - ima_filter_rule_free(entry->lsm[i].rules[r]); + if (entry->lsm[i].rule) + ima_filter_rule_free(entry->lsm[i].rule); kfree(entry->lsm[i].args_p); } } 
@@ -418,8 +432,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) ima_filter_rule_init(nentry->lsm[i].type, Audit_equal, nentry->lsm[i].args_p, - &nentry->lsm[i].rules[0]); - if (!ima_lsm_isset(nentry->lsm[i].rules)) + &nentry->lsm[i].rule); + if (!ima_lsm_isset(nentry, i)) pr_warn("rule for LSM \'%s\' is undefined\n", nentry->lsm[i].args_p); } @@ -608,7 +622,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, int rc = 0; u32 osid; - if (!ima_lsm_isset(rule->lsm[i].rules)) { + if (!ima_lsm_isset(rule, i)) { if (!rule->lsm[i].args_p) continue; else @@ -621,14 +635,14 @@ static bool ima_match_rules(struct ima_rule_entry *rule, security_inode_getsecid(inode, &osid); rc = ima_filter_rule_match(osid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rules); + rule->lsm[i].rule); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: rc = ima_filter_rule_match(secid, rule->lsm[i].type, Audit_equal, - rule->lsm[i].rules); + rule->lsm[i].rule); break; default: break; @@ -1017,7 +1031,7 @@ enum { Opt_uid_lt, Opt_euid_lt, Opt_fowner_lt, Opt_appraise_type, Opt_appraise_flag, Opt_appraise_algos, Opt_permit_directio, Opt_pcr, Opt_template, Opt_keyrings, - Opt_label, Opt_err + Opt_lsm, Opt_label, Opt_err }; static const match_table_t policy_tokens = { @@ -1056,6 +1070,7 @@ static const match_table_t policy_tokens = { {Opt_template, "template=%s"}, {Opt_keyrings, "keyrings=%s"}, {Opt_label, "label=%s"}, + {Opt_lsm, "lsm=%s"}, {Opt_err, NULL} }; @@ -1064,7 +1079,7 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, { int result; - if (ima_lsm_isset(entry->lsm[lsm_rule].rules)) + if (ima_lsm_isset(entry, lsm_rule)) return -EINVAL; entry->lsm[lsm_rule].args_p = match_strdup(args); 
@@ -1074,8 +1089,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, entry->lsm[lsm_rule].type = audit_type; result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, entry->lsm[lsm_rule].args_p, - &entry->lsm[lsm_rule].rules[0]); - if (!ima_lsm_isset(entry->lsm[lsm_rule].rules)) { + &entry->lsm[lsm_rule].rule); + if (!ima_lsm_isset(entry, lsm_rule)) { pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); @@ -1680,6 +1695,19 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) &(template_desc->num_fields)); entry->template = template_desc; break; + case Opt_lsm: + result = lsm_name_to_slot(args[0].from); + if (result == LSMBLOB_INVALID) { + int i; + + for (i = 0; i < MAX_LSM_RULES; i++) + entry->lsm[i].args_p = NULL; + result = -EINVAL; + break; + } + entry->which_lsm = result; + result = 0; + break; case Opt_err: ima_log_string(ab, "UNKNOWN", p); result = -EINVAL; @@ -1716,6 +1744,7 @@ ssize_t ima_parse_add_rule(char *rule) struct ima_rule_entry *entry; ssize_t result, len; int audit_info = 0; + int i; p = strsep(&rule, "\n"); len = strlen(p) + 1; @@ -1733,6 +1762,9 @@ ssize_t ima_parse_add_rule(char *rule) INIT_LIST_HEAD(&entry->list); + for (i = 0; i < MAX_LSM_RULES; i++) + entry->which_lsm = ima_rules_lsm; + result = ima_parse_rule(p, entry); if (result) { ima_free_rule(entry); @@ -1972,7 +2004,7 @@ int ima_policy_show(struct seq_file *m, void *v) } for (i = 0; i < MAX_LSM_RULES; i++) { - if (ima_lsm_isset(entry->lsm[i].rules)) { + if (ima_lsm_isset(entry, i)) { switch (i) { case LSM_OBJ_USER: seq_printf(m, pt(Opt_obj_user), 
@@ -2014,6 +2046,9 @@ int ima_policy_show(struct seq_file *m, void *v) seq_puts(m, "appraise_flag=check_blacklist "); if (entry->flags & IMA_PERMIT_DIRECTIO) seq_puts(m, "permit_directio "); + if (entry->which_lsm >= 0) + seq_printf(m, pt(Opt_lsm), + lsm_slot_to_name(entry->which_lsm)); rcu_read_unlock(); seq_puts(m, "\n"); return 0; From patchwork Fri Sep 24 17:54:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516389
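Review bot: in the Documentation/ABI/testing/ima_policy hunk, "If the security modules specified is not active" should read "If the security module specified is not active". The text also says the first module registered on the system is assumed when lsm= is absent, while the commit message says the first module supporting audit_rule_match() and the code defaults to `ima_rules_lsm` (slot 0, i.e. the first module that asked for an lsmblob slot); the three should agree, and the new ima_rules_lsm= boot option deserves a mention here since it changes that default.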
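Review bot: off-by-one in ima_lsm_isset(): the bounds check `lsm_rule > MAX_LSM_RULES` lets `lsm_rule == MAX_LSM_RULES` through, and `entry->lsm[MAX_LSM_RULES]` is one past the end of the `lsm[MAX_LSM_RULES]` array. It should be `lsm_rule >= MAX_LSM_RULES`.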
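Review bot: ima_rules_lsm_init() calls lsm_name_to_slot() from a __setup handler, but lsm_slotlist[] is only filled in by security_add_hooks() when the LSMs register; please confirm that boot-parameter parsing runs after LSM initialisation, otherwise every ima_rules_lsm= value will be reported as not registered and silently fall back to slot 0. If the ordering cannot be guaranteed, keep the name string and resolve it at first use. The pr_err() format string is also missing its trailing "\n".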
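Review bot: in the Opt_lsm case, setting `entry->lsm[i].args_p = NULL` for every rule type when the name is unknown leaks the strings that earlier lsm options in the same rule allocated with match_strdup() (`entry->lsm[lsm_rule].args_p = match_strdup(args)` in ima_lsm_rule_init), because the ima_free_rule() on the error path then kfree()s NULL. Just return -EINVAL and let ima_free_rule() clean up, and log the rejected name through ima_log_string() as the Opt_err path does. Note also that `which_lsm` is parsed, defaulted and printed in this patch, but none of the visible hunks pass it to ima_filter_rule_init() or ima_filter_rule_match(); if that wiring arrives in a later patch, the commit message should say so, since as it stands lsm= is accepted without affecting matching.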
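Review bot: in the ima_parse_add_rule hunk, `for (i = 0; i < MAX_LSM_RULES; i++) entry->which_lsm = ima_rules_lsm;` assigns the same scalar field MAX_LSM_RULES times; `which_lsm` is a single int in struct ima_rule_entry, not a per-rule-type array. Either drop the loop (and the `int i` added in the preceding hunk) or, if per-rule-type selection was intended, move the field into the `lsm[]` array.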
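Review bot: in the ima_policy_show hunk, because every entry now receives `which_lsm = ima_rules_lsm` by default, `entry->which_lsm >= 0` holds for all rules and `lsm=<name> ` is emitted for every rule in the policy dump, including rules with no LSM condition at all, which changes the format userspace reads back. Print it only when the rule carries an LSM condition (ima_lsm_isset() for some i) or when lsm= was given explicitly. lsm_slot_to_name() can also return NULL, which the "%s" in pt(Opt_lsm) would render as "(null)".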
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley, linux-integrity@vger.kernel.org
Subject: [PATCH v29 05/28] LSM: Use lsmblob in security_audit_rule_match
Date: Fri, 24 Sep 2021 10:54:18 -0700
Message-Id: <20210924175441.7943-6-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:

Change the secid parameter of security_audit_rule_match to a lsmblob structure pointer. Pass the entry from the lsmblob structure for the appropriate slot to the LSM hook. Change the users of security_audit_rule_match to use the lsmblob instead of a u32.

The scaffolding function lsmblob_init() fills the blob with the value of the old secid, ensuring that it is available to the appropriate module hook. The sources of the secid, security_task_getsecid() and security_inode_getsecid(), will be converted to use the blob structure later in the series. At that point the use of lsmblob_init() is dropped.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-audit@redhat.com
Cc: linux-integrity@vger.kernel.org
To: Mimi Zohar
---
 include/linux/security.h            |  7 ++++---
 kernel/auditfilter.c                |  6 ++++--
 kernel/auditsc.c                    | 16 +++++++++++-----
 security/integrity/ima/ima.h        |  4 ++--
 security/integrity/ima/ima_policy.c |  7 +++++--
 security/security.c                 | 10 ++++++++--
 6 files changed, 34 insertions(+), 16 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index b10b10afd04f..0ebec0fcf313 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h @@ -1945,7 +1945,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_SECURITY int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule); +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule); void security_audit_rule_free(void **lsmrule); #else @@ -1961,8 +1962,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule) return 0; } -static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void **lsmrule) +static inline int security_audit_rule_match(struct lsmblob *blob, u32 field, + u32 op, void **lsmrule) { return 0; } diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index a2340e81cfa7..6a04d762d272 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1331,6 +1331,7 @@ int audit_filter(int msgtype, unsigned int listtype) struct audit_field *f = &e->rule.fields[i]; pid_t pid; u32 sid; + struct lsmblob blob; switch (f->type) { case AUDIT_PID: @@ -1362,8 +1363,9 @@ int audit_filter(int msgtype, unsigned int listtype) if (f->lsm_isset) { security_task_getsecid_subj(current, &sid); - result = security_audit_rule_match(sid, - f->type, f->op, + lsmblob_init(&blob, sid); + result = security_audit_rule_match( + &blob, f->type, f->op, f->lsm_rules); } break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index acbd896f54a5..447614b7a50b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -478,6 +478,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + struct lsmblob blob; unsigned int sessionid; cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); 
@@ -676,8 +677,10 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid_subj(tsk, &sid); need_sid = 0; } - result = security_audit_rule_match(sid, f->type, - f->op, f->lsm_rules); + lsmblob_init(&blob, sid); + result = security_audit_rule_match(&blob, + f->type, f->op, + f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -690,15 +693,17 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { + lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - name->osid, + &blob, f->type, f->op, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { + lsmblob_init(&blob, name->osid); if (security_audit_rule_match( - n->osid, + &blob, f->type, f->op, f->lsm_rules)) { @@ -710,7 +715,8 @@ static int audit_filter_rules(struct task_struct *tsk, /* Find ipc objects that match */ if (!ctx || ctx->type != AUDIT_IPC) break; - if (security_audit_rule_match(ctx->ipc.osid, + lsmblob_init(&blob, ctx->ipc.osid); + if (security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules)) ++result; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index be965a8715e4..1f025ff1f011 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -437,8 +437,8 @@ static inline void ima_filter_rule_free(void *lsmrule) { } -static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) +static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field, + u32 op, void *lsmrule) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index af278e225f9e..3d9f051edd20 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -621,6 +621,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; u32 osid; + struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { if (!rule->lsm[i].args_p) @@ -633,14 +634,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: security_inode_getsecid(inode, &osid); - rc = ima_filter_rule_match(osid, rule->lsm[i].type, + lsmblob_init(&lsmdata, osid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = ima_filter_rule_match(secid, rule->lsm[i].type, + lsmblob_init(&lsmdata, secid); + rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; diff --git a/security/security.c b/security/security.c index 8ca554e1dbeb..6f080a6cc090 100644 --- a/security/security.c +++ b/security/security.c @@ -2672,11 +2672,14 @@ void security_audit_rule_free(void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; + if (lsmrule[hp->lsmid->slot] == NULL) + continue; hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]); } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) +int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op, + void **lsmrule) { struct security_hook_list *hp; int rc; 
@@ -2684,7 +2687,10 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule) hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.audit_rule_match(secid, field, op, + if (lsmrule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], + field, op, &lsmrule[hp->lsmid->slot]); if (rc) return rc; From patchwork Fri Sep 24 17:54:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516391 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 15C0BC433EF for ; Fri, 24 Sep 2021 18:01:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 00667610C7 for ; Fri, 24 Sep 2021 18:01:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344697AbhIXSDD (ORCPT ); Fri, 24 Sep 2021 14:03:03 -0400 Received: from sonic308-15.consmr.mail.ne1.yahoo.com ([66.163.187.38]:40156 "EHLO sonic308-15.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343831AbhIXSDC (ORCPT ); Fri, 24 Sep 2021 14:03:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1632506489; bh=BVm+kSDII84nuD5Z0SIkaLsES8iiyGMMYiWYVtF6bHs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
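Review bot: in the kernel/auditsc.c hunk at @@ -690,15 +693,17 @@, the `list_for_each_entry(n, &ctx->names_list, list)` loop initialises the blob from the wrong variable. The added line `lsmblob_init(&blob, name->osid);` reads `name`, but this is the `else if (ctx)` branch, which is only entered when `name` is NULL, and the call it replaces matched on `n->osid`. As written the first iteration dereferences a NULL pointer and the secids of the list entries are never consulted. It should read `lsmblob_init(&blob, n->osid);`.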
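Review bot: in the security/security.c hunks at @@ -2672,11 +2672,14 @@ and @@ -2684,7 +2687,10 @@, the new `if (lsmrule[hp->lsmid->slot] == NULL) continue;` in both security_audit_rule_free() and security_audit_rule_match() is what keeps a rule compiled by one stacked module from producing a spurious mismatch (or a free of a NULL rule) in the others, but neither copy says so. A one-line comment above the check, or a small shared helper, would stop a future reader from treating a NULL per-slot rule as an error and would keep the two copies from drifting apart.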
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley Subject: [PATCH v29 06/28] LSM: Use lsmblob in security_kernel_act_as Date: Fri, 24 Sep 2021 10:54:19 -0700 Message-Id: <20210924175441.7943-7-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Change the security_kernel_act_as interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its only caller, set_security_override, to do the same. Change that one's only caller, set_security_override_from_ctx, to call it with the new parameter type. The security module hook is unchanged, still taking a secid. The infrastructure passes the correct entry from the lsmblob. lsmblob_init() is used to fill the lsmblob structure, however this will be removed later in the series when security_secctx_to_secid() is updated to provide a lsmblob instead of a secid. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler To: David Howells --- include/linux/cred.h | 3 ++- include/linux/security.h | 5 +++-- kernel/cred.c | 10 ++++++---- security/security.c | 14 ++++++++++++-- 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index fcbc6885cc09..eb02e8514239 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -18,6 +18,7 @@ struct cred; struct inode; +struct lsmblob; /* * COW Supplementary groups list 
@@ -165,7 +166,7 @@ extern const struct cred *override_creds(const struct cred *); extern void revert_creds(const struct cred *); extern struct cred *prepare_kernel_cred(struct task_struct *); extern int change_create_files_as(struct cred *, struct inode *); -extern int set_security_override(struct cred *, u32); +extern int set_security_override(struct cred *, struct lsmblob *); extern int set_security_override_from_ctx(struct cred *, const char *); extern int set_create_files_as(struct cred *, struct inode *); extern int cred_fscmp(const struct cred *, const struct cred *); diff --git a/include/linux/security.h b/include/linux/security.h index 0ebec0fcf313..399b83ad1a43 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -462,7 +462,7 @@ void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); void security_cred_getsecid(const struct cred *c, u32 *secid); -int security_kernel_act_as(struct cred *new, u32 secid); +int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); int security_kernel_load_data(enum kernel_load_data_id id, bool contents); @@ -1104,7 +1104,8 @@ static inline void security_transfer_creds(struct cred *new, { } -static inline int security_kernel_act_as(struct cred *cred, u32 secid) +static inline int security_kernel_act_as(struct cred *cred, + struct lsmblob *blob) { return 0; } diff --git a/kernel/cred.c b/kernel/cred.c index f784e08c2fbd..d82fd1236537 100644 --- a/kernel/cred.c +++ b/kernel/cred.c 
@@ -774,14 +774,14 @@ EXPORT_SYMBOL(prepare_kernel_cred); /** * set_security_override - Set the security ID in a set of credentials * @new: The credentials to alter - * @secid: The LSM security ID to set + * @blob: The LSM security information to set * * Set the LSM security ID in a set of credentials so that the subjective * security is overridden when an alternative set of credentials is used. */ -int set_security_override(struct cred *new, u32 secid) +int set_security_override(struct cred *new, struct lsmblob *blob) { - return security_kernel_act_as(new, secid); + return security_kernel_act_as(new, blob); } EXPORT_SYMBOL(set_security_override); @@ -797,6 +797,7 @@ EXPORT_SYMBOL(set_security_override); */ int set_security_override_from_ctx(struct cred *new, const char *secctx) { + struct lsmblob blob; u32 secid; int ret; @@ -804,7 +805,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx) if (ret < 0) return ret; - return set_security_override(new, secid); + lsmblob_init(&blob, secid); + return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/security/security.c b/security/security.c index 6f080a6cc090..a049b82d58e1 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1799,9 +1799,19 @@ void security_cred_getsecid(const struct cred *c, u32 *secid) } EXPORT_SYMBOL(security_cred_getsecid); -int security_kernel_act_as(struct cred *new, u32 secid) +int security_kernel_act_as(struct cred *new, struct lsmblob *blob) { - return call_int_hook(kernel_act_as, 0, new, secid); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.kernel_act_as, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.kernel_act_as(new, blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } int security_kernel_create_files_as(struct cred *new, struct inode *inode) From patchwork Fri Sep 24 17:54:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516393 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05004C433EF for ; Fri, 24 Sep 2021 18:02:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E126161251 for ; Fri, 24 Sep 2021 18:02:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345674AbhIXSEK (ORCPT ); Fri, 24 Sep 2021 14:04:10 -0400 Received: from sonic308-15.consmr.mail.ne1.yahoo.com ([66.163.187.38]:33037 "EHLO sonic308-15.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345563AbhIXSEJ (ORCPT ); Fri, 24 Sep 2021 14:04:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1632506556; bh=05vdcWHZL4PkRaRnUTngQZEvbM7FJn/OZ3TNy3QRHg8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
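Review bot: in the kernel/cred.c hunk at @@ -774,14 +774,14 @@, the kernel-doc of set_security_override() is only half updated: `@blob` now reads "The LSM security information to set", but the summary line "Set the security ID in a set of credentials" and the body "Set the LSM security ID in a set of credentials" still describe a single ID. Reword both to match the new `struct lsmblob *` parameter so the generated documentation does not contradict the signature.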
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: [PATCH v29 07/28] LSM: Use lsmblob in security_secctx_to_secid
Date: Fri, 24 Sep 2021 10:54:20 -0700
Message-Id: <20210924175441.7943-8-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:

Change the security_secctx_to_secid interface to use a lsmblob structure in place of the single u32 secid in support of module stacking. Change its callers to do the same.

The security module hook is unchanged, still passing back a secid. The infrastructure passes the correct entry from the lsmblob.

Acked-by: Paul Moore
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
Cc: netdev@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org
To: Pablo Neira Ayuso
---
 include/linux/security.h          | 26 ++++++++++++++++++--
 kernel/cred.c                     |  4 +---
 net/netfilter/nft_meta.c          | 10 ++++----
 net/netfilter/xt_SECMARK.c        |  7 +++++-
 net/netlabel/netlabel_unlabeled.c | 23 +++++++++++-------
 security/security.c               | 40 ++++++++++++++++++++++++++-----
 6 files changed, 85 insertions(+), 25 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 399b83ad1a43..e2ca097b58db 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -197,6 +197,27 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) extern int lsm_name_to_slot(char *name); extern const char *lsm_slot_to_name(int slot); +/** + * lsmblob_value - find the first non-zero value in an lsmblob structure. + * @blob: Pointer to the data + * + * This needs to be used with extreme caution, as the cases where + * it is appropriate are rare. + * + * Return the first secid value set in the lsmblob. + * There should only be one. + */ +static inline u32 lsmblob_value(const struct lsmblob *blob) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + if (blob->secid[i]) + return blob->secid[i]; + + return 0; +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -528,7 +549,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); @@ -1383,7 +1405,7 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle static inline int security_secctx_to_secid(const char *secdata, u32 seclen, - u32 *secid) + struct lsmblob *blob) { return -EOPNOTSUPP; } diff --git a/kernel/cred.c b/kernel/cred.c index d82fd1236537..2f9ade2ffb20 100644 --- a/kernel/cred.c +++ b/kernel/cred.c 
@@ -798,14 +798,12 @@ EXPORT_SYMBOL(set_security_override); int set_security_override_from_ctx(struct cred *new, const char *secctx) { struct lsmblob blob; - u32 secid; int ret; - ret = security_secctx_to_secid(secctx, strlen(secctx), &secid); + ret = security_secctx_to_secid(secctx, strlen(secctx), &blob); if (ret < 0) return ret; - lsmblob_init(&blob, secid); return set_security_override(new, &blob); } EXPORT_SYMBOL(set_security_override_from_ctx); diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index a7e01e9952f1..f9448e81798e 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -809,21 +809,21 @@ static const struct nla_policy nft_secmark_policy[NFTA_SECMARK_MAX + 1] = { static int nft_secmark_compute_secid(struct nft_secmark *priv) { - u32 tmp_secid = 0; + struct lsmblob blob; int err; - err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &tmp_secid); + err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &blob); if (err) return err; - if (!tmp_secid) + if (!lsmblob_is_set(&blob)) return -ENOENT; - err = security_secmark_relabel_packet(tmp_secid); + err = security_secmark_relabel_packet(lsmblob_value(&blob)); if (err) return err; - priv->secid = tmp_secid; + priv->secid = lsmblob_value(&blob); return 0; } diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index 498a0bf6f044..87ca3a537d1c 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c @@ -42,13 +42,14 @@ secmark_tg(struct sk_buff *skb, const struct xt_secmark_target_info_v1 *info) static int checkentry_lsm(struct xt_secmark_target_info_v1 *info) { + struct lsmblob blob; int err; info->secctx[SECMARK_SECCTX_MAX - 1] = '\0'; info->secid = 0; err = security_secctx_to_secid(info->secctx, strlen(info->secctx), - &info->secid); + &blob); if (err) { if (err == -EINVAL) pr_info_ratelimited("invalid security context \'%s\'\n", 
@@ -56,6 +57,10 @@ static int checkentry_lsm(struct xt_secmark_target_info_v1 *info) return err; } + /* xt_secmark_target_info can't be changed to use lsmblobs because + * it is exposed as an API. Use lsmblob_value() to get the one + * value that got set by security_secctx_to_secid(). */ + info->secid = lsmblob_value(&blob); if (!info->secid) { pr_info_ratelimited("unable to map security context \'%s\'\n", info->secctx); diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 566ba4397ee4..762561318d78 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -880,7 +880,7 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a @@ -904,13 +904,18 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * + * instead of a u32 later in this patch set. security_secctx_to_secid() + * will only be setting one entry in the lsmblob struct, so it is + * safe to use lsmblob_value() to get that one value. */ + return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, secid, - &audit_info); + dev_name, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** @@ -931,7 +936,7 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, void *addr; void *mask; u32 addr_len; - u32 secid; + struct lsmblob blob; struct netlbl_audit audit_info; /* Don't allow users to add both IPv4 and IPv6 addresses for a 
@@ -953,13 +958,15 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, ret_val = security_secctx_to_secid( nla_data(info->attrs[NLBL_UNLABEL_A_SECCTX]), nla_len(info->attrs[NLBL_UNLABEL_A_SECCTX]), - &secid); + &blob); if (ret_val != 0) return ret_val; + /* security_secctx_to_secid() will only put one secid into the lsmblob + * so it's safe to use lsmblob_value() to get the secid. */ return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, secid, - &audit_info); + NULL, addr, mask, addr_len, + lsmblob_value(&blob), &audit_info); } /** diff --git a/security/security.c b/security/security.c index a049b82d58e1..520fa287c90c 100644 --- a/security/security.c +++ b/security/security.c @@ -2194,10 +2194,22 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) } EXPORT_SYMBOL(security_secid_to_secctx); -int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) +int security_secctx_to_secid(const char *secdata, u32 seclen, + struct lsmblob *blob) { - *secid = 0; - return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid); + struct security_hook_list *hp; + int rc; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); + if (rc != 0) + return rc; + } + return 0; } EXPORT_SYMBOL(security_secctx_to_secid); 
@@ -2348,10 +2360,26 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, optval, optlen, len); } -int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) +int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, + u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, - skb, secid); + struct security_hook_list *hp; + int rc = -ENOPROTOOPT; + + /* + * Only one security module should provide a real hook for + * this. A stub or bypass like is used in BPF should either + * (somehow) leave rc unaltered or return -ENOPROTOOPT. + */ + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); + if (rc != -ENOPROTOOPT) + break; + } + return rc; } EXPORT_SYMBOL(security_socket_getpeersec_dgram);

From patchwork Fri Sep 24 17:54:21 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12516395
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: [PATCH v29 08/28] LSM: Use lsmblob in security_secid_to_secctx
Date: Fri, 24 Sep 2021 10:54:21 -0700
Message-Id: <20210924175441.7943-9-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:

Change security_secid_to_secctx() to take a lsmblob as input instead of a u32 secid. It will then call the LSM hooks using the lsmblob element allocated for that module. The callers have been updated as well. This allows for the possibility that more than one module may be called upon to translate a secid to a string, as can occur in the audit code.

Acked-by: Paul Moore
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
To: Pablo Neira Ayuso
---
 drivers/android/binder.c                | 12 +++++++++-
 include/linux/security.h                |  5 +++--
 include/net/scm.h                       |  7 +++++-
 kernel/audit.c                          | 20 +++++++++++++++--
 kernel/auditsc.c                        | 27 ++++++++++++++++++----
 net/ipv4/ip_sockglue.c                  |  4 +++-
 net/netfilter/nf_conntrack_netlink.c    | 14 ++++++++++--
 net/netfilter/nf_conntrack_standalone.c |  4 +++-
 net/netfilter/nfnetlink_queue.c         | 11 +++++++--
 net/netlabel/netlabel_unlabeled.c       | 30 +++++++++++++++++++++----
 net/netlabel/netlabel_user.c            |  6 ++---
 security/security.c                     | 11 +++++----
 12 files changed, 122 insertions(+), 29 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index d9030cb6b1e4..42bcf22d1e50 100644
--- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2711,6 +2711,7 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { u32 secid; + struct lsmblob blob; size_t added_size; /* @@ -2723,7 +2724,16 @@ static void binder_transaction(struct binder_proc *proc, * case well anyway. */ security_task_getsecid_obj(proc->tsk, &secid); - ret = security_secid_to_secctx(secid, &secctx, &secctx_sz); + /* + * Later in this patch set security_task_getsecid() will + * provide a lsmblob instead of a secid. lsmblob_init + * is used to ensure that all the secids in the lsmblob + * get the value returned from security_task_getsecid(), + * which means that the one expected by + * security_secid_to_secctx() will be set. + */ + lsmblob_init(&blob, secid); + ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; diff --git a/include/linux/security.h b/include/linux/security.h index e2ca097b58db..60f0a56f43ed 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -548,7 +548,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(char *secdata, u32 seclen); @@ -1398,7 +1398,8 @@ static inline int security_ismaclabel(const char *name) return 0; } -static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +static inline int security_secid_to_secctx(struct lsmblob *blob, + char **secdata, u32 *seclen) { return -EOPNOTSUPP; } 
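Review bot: in the drivers/android/binder.c hunk the comment says security_task_getsecid() will later provide a lsmblob, but the call immediately above it is security_task_getsecid_obj(proc->tsk, &secid); name the function the code actually calls so the comment still points at the right conversion when it lands.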
diff --git a/include/net/scm.h b/include/net/scm.h index 1ce365f4c256..23a35ff1b3f2 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,12 +92,17 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmblob lb; char *secdata; u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { - err = security_secid_to_secctx(scm->secid, &secdata, &seclen); + /* There can only be one security module using the secid, + * and the infrastructure will know which it is. + */ + lsmblob_init(&lb, scm->secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); diff --git a/kernel/audit.c b/kernel/audit.c index 121d37e700a6..22286163e93e 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1442,7 +1442,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) case AUDIT_SIGNAL_INFO: len = 0; if (audit_sig_sid) { - err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); + struct lsmblob blob; + + /* + * lsmblob_init sets all values in the lsmblob + * to audit_sig_sid. This is temporary until + * audit_sig_sid is converted to a lsmblob, which + * happens later in this patch set. + */ + lsmblob_init(&blob, audit_sig_sid); + err = security_secid_to_secctx(&blob, &ctx, &len); if (err) return err; } 
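Review bot: in the include/net/scm.h scm_passec() hunk the comment "There can only be one security module using the secid, and the infrastructure will know which it is" reads as a permanent rule, while the matching comments this patch adds in kernel/audit.c and kernel/auditsc.c call their lsmblob_init() calls temporary scaffolding until the u32 holder becomes a lsmblob. Say which applies to scm->secid: if it is converted later in the series, mark this site temporary like the others; if it stays a u32, say why the infrastructure can always pick the right module for it.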
@@ -2131,12 +2140,19 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; u32 sid; + struct lsmblob blob; security_task_getsecid_subj(current, &sid); if (!sid) return 0; - error = security_secid_to_secctx(sid, &ctx, &len); + /* + * lsmblob_init sets all values in the lsmblob to sid. + * This is temporary until security_task_getsecid is converted + * to use a lsmblob, which happens later in this patch set. + */ + lsmblob_init(&blob, sid); + error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) goto error_path; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 447614b7a50b..df8a57c5355d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -677,6 +677,13 @@ static int audit_filter_rules(struct task_struct *tsk, security_task_getsecid_subj(tsk, &sid); need_sid = 0; } + /* + * lsmblob_init sets all values in the lsmblob + * to sid. This is temporary until + * security_task_getsecid() is converted to + * provide a lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, @@ -693,6 +700,13 @@ static int audit_filter_rules(struct task_struct *tsk, if (f->lsm_isset) { /* Find files that match */ if (name) { + /* + * lsmblob_init sets all values in the + * lsmblob to sid. This is temporary + * until name->osid is converted to a + * lsmblob, which happens later in + * this patch set. + */ lsmblob_init(&blob, name->osid); result = security_audit_rule_match( &blob, @@ -999,6 +1013,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, char *ctx = NULL; u32 len; int rc = 0; + struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) 
@@ -1008,7 +1023,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (sid) { - if (security_secid_to_secctx(sid, &ctx, &len)) { + lsmblob_init(&blob, sid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1252,8 +1268,10 @@ static void show_special(struct audit_context *context, int *call_panic) if (osid) { char *ctx = NULL; u32 len; + struct lsmblob blob; - if (security_secid_to_secctx(osid, &ctx, &len)) { + lsmblob_init(&blob, osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { @@ -1408,9 +1426,10 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, if (n->osid != 0) { char *ctx = NULL; u32 len; + struct lsmblob blob; - if (security_secid_to_secctx( - n->osid, &ctx, &len)) { + lsmblob_init(&blob, n->osid); + if (security_secid_to_secctx(&blob, &ctx, &len)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index b297bb28556e..cb10b5f03cf4 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmblob lb; char *secdata; u32 seclen, secid; int err; @@ -138,7 +139,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) if (err) return; - err = security_secid_to_secctx(secid, &secdata, &seclen); + lsmblob_init(&lb, secid); + err = security_secid_to_secctx(&lb, &secdata, &seclen); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index f1e5443fe7c7..daf554915e07 100644 --- a/net/netfilter/nf_conntrack_netlink.c 
+++ b/net/netfilter/nf_conntrack_netlink.c @@ -341,8 +341,13 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) struct nlattr *nest_secctx; int len, ret; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return 0; @@ -650,8 +655,13 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) { #ifdef CONFIG_NF_CONNTRACK_SECMARK int len, ret; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, NULL, &len); + /* lsmblob_init() puts ct->secmark into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, NULL, &len); if (ret) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 80f675d884b2..79c280d1efce 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -178,8 +178,10 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) int ret; u32 len; char *secctx; + struct lsmblob blob; - ret = security_secid_to_secctx(ct->secmark, &secctx, &len); + lsmblob_init(&blob, ct->secmark); + ret = security_secid_to_secctx(&blob, &secctx, &len); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 4c3fbaaeb103..bb97e8af8345 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
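Review bot: in the net/netfilter/nf_conntrack_netlink.c ctnetlink_dump_secctx() hunk the comment closes with "to use to create the secctx. */" on the text line; net/ style wants */ on its own line, and the same applies to the copies in ctnetlink_secctx_size(), nfnetlink_queue.c and the four netlabel_unlabeled.c sites. Since all of them say the same thing about lsmblob_init() filling every slot, one explanation at lsmblob_init() and a one-line note at each caller would be easier to keep consistent than seven near-identical paragraphs.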
@@ -305,13 +305,20 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) { u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) + struct lsmblob blob; + if (!skb || !sk_fullsock(skb->sk)) return 0; read_lock_bh(&skb->sk->sk_callback_lock); - if (skb->secmark) - security_secid_to_secctx(skb->secmark, secdata, &seclen); + if (skb->secmark) { + /* lsmblob_init() puts ct->secmark into all of the secids in + * blob. security_secid_to_secctx() will know which security + * module to use to create the secctx. */ + lsmblob_init(&blob, skb->secmark); + security_secid_to_secctx(&blob, secdata, &seclen); + } read_unlock_bh(&skb->sk->sk_callback_lock); #endif diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 762561318d78..51cb4fce5edf 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -376,6 +376,7 @@ int netlbl_unlhsh_add(struct net *net, struct audit_buffer *audit_buf = NULL; char *secctx = NULL; u32 secctx_len; + struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -438,7 +439,11 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(secid, + /* lsmblob_init() puts secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + if (security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); @@ -475,6 +480,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, 
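Review bot: in the net/netfilter/nfnetlink_queue.c nfqnl_get_sk_secctx() hunk the comment reads "lsmblob_init() puts ct->secmark into all of the secids in blob", but there is no conntrack entry in this function; the call right below it is lsmblob_init(&blob, skb->secmark). Fix the copy-and-paste so the comment names skb->secmark.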
@@ -493,8 +499,13 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, (dev != NULL ? dev->name : NULL), addr->s_addr, mask->s_addr); dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -536,6 +547,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct net_device *dev; char *secctx; u32 secctx_len; + struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); @@ -553,8 +565,13 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, (dev != NULL ? dev->name : NULL), addr, mask); dev_put(dev); + /* lsmblob_init() puts entry->secid into all of the secids + * in blob. security_secid_to_secctx() will know which + * security module to use to create the secctx. */ + if (entry != NULL) + lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(entry->secid, + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); security_release_secctx(secctx, secctx_len); @@ -1080,6 +1097,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, u32 secid; char *secctx; u32 secctx_len; + struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, 
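Review bot: in the netlbl_unlhsh_remove_addr4() hunk, and identically in netlbl_unlhsh_remove_addr6(), entry != NULL is now tested twice in a row, once to guard the new lsmblob_init() and again in the existing "if (entry != NULL && security_secid_to_secctx(&blob, ..." condition. Nesting the call inside the first test, "if (entry != NULL) { lsmblob_init(&blob, entry->secid); if (security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) {", removes the duplicate check and keeps blob out of reach when entry is NULL, so no compiler has to reason about whether it is used uninitialised.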
@@ -1134,7 +1152,11 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, secid = addr6->secid; } - ret_val = security_secid_to_secctx(secid, &secctx, &secctx_len); + /* lsmblob_init() secid into all of the secids in blob. + * security_secid_to_secctx() will know which security module + * to use to create the secctx. */ + lsmblob_init(&blob, secid); + ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 3ed4fea2a2de..893301ae0131 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -86,6 +86,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct audit_buffer *audit_buf; char *secctx; u32 secctx_len; + struct lsmblob blob; if (audit_enabled == AUDIT_OFF) return NULL; @@ -98,10 +99,9 @@ struct audit_buffer *netlbl_audit_start_common(int type, from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); + lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(audit_info->secid, - &secctx, - &secctx_len) == 0) { + security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); security_release_secctx(secctx, secctx_len); } diff --git a/security/security.c b/security/security.c index 520fa287c90c..8163dc615ba6 100644 --- a/security/security.c +++ b/security/security.c 
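Review bot: in the netlbl_unlabel_staticlist_gen() hunk the comment "lsmblob_init() secid into all of the secids in blob." has lost its verb; make it "lsmblob_init() puts secid into all of the secids in blob." to match the other copies.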
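Review bot: in the net/netlabel/netlabel_user.c netlbl_audit_start_common() hunk, lsmblob_init(&blob, audit_info->secid) is now run before the audit_info->secid != 0 test, so it happens even when no subj= is going to be logged; moving it under that test keeps the initialisation beside its only use and mirrors how the netlabel_unlabeled.c hunks guard theirs with entry != NULL.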
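Review bot: in the security/security.c security_secid_to_secctx() hunk that closes this patch, the deleted comment said the hook is not stackable and the new loop keeps that property: it returns as soon as one hook gives anything other than LSM_RET_DEFAULT(secid_to_secctx), so a call still produces at most one module's context, chosen by hook registration order rather than by which slot of the blob the caller set. Replace the deleted comment with one stating that rule, since every caller in this patch fills all slots with lsmblob_init() and is relying on the infrastructure to pick the right module.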
@@ -2175,17 +2175,16 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; int rc; - /* - * Currently, only one LSM can implement secid_to_secctx (i.e this - * LSM hook is not "stackable"). - */ hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { - rc = hp->hook.secid_to_secctx(secid, secdata, seclen); + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], + secdata, seclen); if (rc != LSM_RET_DEFAULT(secid_to_secctx)) return rc; }

From patchwork Fri Sep 24 17:54:22 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12516421
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley
Subject: [PATCH v29 09/28] LSM: Use lsmblob in security_ipc_getsecid
Date: Fri, 24 Sep 2021 10:54:22 -0700
Message-Id: <20210924175441.7943-10-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:

There may be more than one LSM that provides IPC data for auditing. Change security_ipc_getsecid() to fill in a lsmblob structure instead of the u32 secid. The audit data structure containing the secid will be updated later, so there is a bit of scaffolding here.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-audit@redhat.com
---
 include/linux/security.h |  7 ++++---
 kernel/auditsc.c         |  7 ++++++-
 security/security.c      | 12 +++++++++---
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 60f0a56f43ed..e674a6cdab46 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -519,7 +519,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5); void security_task_to_inode(struct task_struct *p, struct inode *inode); int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob); int security_msg_msg_alloc(struct msg_msg *msg); void security_msg_msg_free(struct msg_msg *msg); int security_msg_queue_alloc(struct kern_ipc_perm *msq); @@ -1276,9 +1276,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, return 0; } -static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_msg_msg_alloc(struct msg_msg *msg) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index df8a57c5355d..b4d214b21b97 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2337,12 +2337,17 @@ void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) void __audit_ipc_obj(struct kern_ipc_perm *ipcp) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->ipc.uid = ipcp->uid; context->ipc.gid = ipcp->gid; context->ipc.mode = ipcp->mode; context->ipc.has_perm = 0; - security_ipc_getsecid(ipcp, &context->ipc.osid); + security_ipc_getsecid(ipcp, &blob); + /* context->ipc.osid will be changed to a lsmblob later in + * the patch series. This will allow auditing of all the object + * labels associated with the ipc object. */ + context->ipc.osid = lsmblob_value(&blob); context->type = AUDIT_IPC; } diff --git a/security/security.c b/security/security.c index 8163dc615ba6..f6760b25fed0 100644 --- a/security/security.c +++ b/security/security.c 
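Review bot: in the kernel/auditsc.c __audit_ipc_obj() hunk the new comment uses the net/ form with text on the /* line and */ at the end of the last text line, while the comments this series adds elsewhere in kernel/auditsc.c (audit_filter_rules()) use the kernel/ form with /* and */ on their own lines; match the file.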
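Review bot: in the security/security.c security_ipc_getsecid() hunk that closes this patch, this is yet another open-coded slot walk with the same "if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue;" guard, after security_secctx_to_secid(), security_socket_getpeersec_dgram() and security_secid_to_secctx(); a small wrapper around hlist_for_each_entry() that validates the slot once would stop the copy growing with each hook the rest of the series converts.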
@@ -1995,10 +1995,16 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) return call_int_hook(ipc_permission, 0, ipcp, flag); } -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob) { - *secid = 0; - call_void_hook(ipc_getsecid, ipcp, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.ipc_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.ipc_getsecid(ipcp, &blob->secid[hp->lsmid->slot]); + } } int security_msg_msg_alloc(struct msg_msg *msg)

From patchwork Fri Sep 24 17:54:23 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12516423
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v29 10/28] LSM: Use lsmblob in security_task_getsecid Date: Fri, 24 Sep 2021 10:54:23 -0700 Message-Id: <20210924175441.7943-11-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Change the security_task_getsecid_subj() and security_task_getsecid_obj() interfaces to fill in a lsmblob structure instead of a u32 secid in support of LSM stacking. Audit interfaces will need to collect all possible secids for possible reporting. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 12 +----- include/linux/security.h | 14 ++++--- kernel/audit.c | 16 +++----- kernel/auditfilter.c | 4 +- kernel/auditsc.c | 25 ++++++------ net/netlabel/netlabel_unlabeled.c | 5 ++- net/netlabel/netlabel_user.h | 6 ++- security/integrity/ima/ima_appraise.c | 12 +++--- security/integrity/ima/ima_main.c | 55 +++++++++++++++------------ security/security.c | 25 +++++++++--- 10 files changed, 94 insertions(+), 80 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 42bcf22d1e50..d17a34445dcd 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c 
@@ -2710,7 +2710,6 @@ static void binder_transaction(struct binder_proc *proc, t->priority = task_nice(current); if (target_node && target_node->txn_security_ctx) { - u32 secid; struct lsmblob blob; size_t added_size; @@ -2723,16 +2722,7 @@ static void binder_transaction(struct binder_proc *proc, * here; however, it isn't clear that binder would handle that * case well anyway. */ - security_task_getsecid_obj(proc->tsk, &secid); - /* - * Later in this patch set security_task_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_task_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_task_getsecid_obj(proc->tsk, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index e674a6cdab46..de70742c30d6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -501,8 +501,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); -void security_task_getsecid_subj(struct task_struct *p, u32 *secid); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid); +void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob); +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); 
@@ -1198,14 +1198,16 @@ static inline int security_task_getsid(struct task_struct *p) return 0; } -static inline void security_task_getsecid_subj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_subj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } -static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +static inline void security_task_getsecid_obj(struct task_struct *p, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_task_setnice(struct task_struct *p, int nice) diff --git a/kernel/audit.c b/kernel/audit.c index 22286163e93e..d92c7b894183 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2139,19 +2139,12 @@ int audit_log_task_context(struct audit_buffer *ab) char *ctx = NULL; unsigned len; int error; - u32 sid; struct lsmblob blob; - security_task_getsecid_subj(current, &sid); - if (!sid) + security_task_getsecid_subj(current, &blob); + if (!lsmblob_is_set(&blob)) return 0; - /* - * lsmblob_init sets all values in the lsmblob to sid. - * This is temporary until security_task_getsecid is converted - * to use a lsmblob, which happens later in this patch set. - */ - lsmblob_init(&blob, sid); error = security_secid_to_secctx(&blob, &ctx, &len); if (error) { if (error != -EINVAL) @@ -2359,6 +2352,7 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; + struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2369,7 +2363,9 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid_subj(current, &audit_sig_sid); + security_task_getsecid_subj(current, &blob); + /* scaffolding until audit_sig_sid is converted */ + audit_sig_sid = blob.secid[0]; } return audit_signal_info_syscall(t); 
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 6a04d762d272..1ba14a7a38f7 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1330,7 +1330,6 @@ int audit_filter(int msgtype, unsigned int listtype) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; pid_t pid; - u32 sid; struct lsmblob blob; switch (f->type) { @@ -1362,8 +1361,7 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_CLR: if (f->lsm_isset) { security_task_getsecid_subj(current, - &sid); - lsmblob_init(&blob, sid); + &blob); result = security_audit_rule_match( &blob, f->type, f->op, f->lsm_rules); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b4d214b21b97..50e3f2f4cb49 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -477,7 +477,6 @@ static int audit_filter_rules(struct task_struct *tsk, { const struct cred *cred; int i, need_sid = 1; - u32 sid; struct lsmblob blob; unsigned int sessionid; @@ -674,17 +673,9 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->lsm_isset) { if (need_sid) { - security_task_getsecid_subj(tsk, &sid); + security_task_getsecid_subj(tsk, &blob); need_sid = 0; } - /* - * lsmblob_init sets all values in the lsmblob - * to sid. This is temporary until - * security_task_getsecid() is converted to - * provide a lsmblob, which happens later in - * this patch set. - */ - lsmblob_init(&blob, sid); result = security_audit_rule_match(&blob, f->type, f->op, f->lsm_rules); 
@@ -2439,12 +2430,15 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); + struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &context->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding - until target_sid is converted */ + context->target_sid = blob.secid[0]; memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2460,6 +2454,7 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); + struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2471,7 +2466,9 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &ctx->target_sid); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + ctx->target_sid = blob.secid[0]; memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2492,7 +2489,9 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); + security_task_getsecid_obj(t, &blob); + /* scaffolding until target_sid is converted */ + axp->target_sid[axp->pid_count] = blob.secid[0]; memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 51cb4fce5edf..15b53fc4e83f 100644 --- a/net/netlabel/netlabel_unlabeled.c 
+++ b/net/netlabel/netlabel_unlabeled.c @@ -1562,11 +1562,14 @@ int __init netlbl_unlabel_defconf(void) int ret_val; struct netlbl_dom_map *entry; struct netlbl_audit audit_info; + struct lsmblob blob; /* Only the kernel is allowed to call this function and the only time * it is called is at bootup before the audit subsystem is reporting * messages so don't worry to much about these values. */ - security_task_getsecid_subj(current, &audit_info.secid); + security_task_getsecid_subj(current, &blob); + /* scaffolding until audit_info.secid is converted */ + audit_info.secid = blob.secid[0]; audit_info.loginuid = GLOBAL_ROOT_UID; audit_info.sessionid = 0; diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 6190cbf94bf0..aa31f7bf79ee 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h @@ -32,7 +32,11 @@ */ static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info) { - security_task_getsecid_subj(current, &audit_info->secid); + struct lsmblob blob; + + security_task_getsecid_subj(current, &blob); + /* scaffolding until secid is converted */ + audit_info->secid = blob.secid[0]; audit_info->loginuid = audit_get_loginuid(current); audit_info->sessionid = audit_get_sessionid(current); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index dbba51583e7c..2fedda131a39 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c 
@@ -71,15 +71,17 @@ bool is_ima_appraise_enabled(void) int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, int mask, enum ima_hooks func) { - u32 secid; + struct lsmblob blob; if (!ima_appraise) return 0; - security_task_getsecid_subj(current, &secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, - func, mask, IMA_APPRAISE | IMA_HASH, NULL, - NULL, NULL, NULL); + security_task_getsecid_subj(current, &blob); + /* scaffolding the .secid[0] */ + return ima_match_policy(mnt_userns, inode, current_cred(), + blob.secid[0], func, mask, + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, + NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 465865412100..c327f93d3962 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -405,12 +405,13 @@ static int process_measurement(struct file *file, const struct cred *cred, */ int ima_file_mmap(struct file *file, unsigned long prot) { - u32 secid; + struct lsmblob blob; if (file && (prot & PROT_EXEC)) { - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK); + security_task_getsecid_subj(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, MMAP_CHECK); } return 0; @@ -436,9 +437,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) char *pathbuf = NULL; const char *pathname = NULL; struct inode *inode; + struct lsmblob blob; int result = 0; int action; - u32 secid; int pcr; /* Is mprotect making an mmap'ed file executable? */ 
@@ -446,11 +447,11 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC)) return 0; - security_task_getsecid_subj(current, &secid); + security_task_getsecid_subj(current, &blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), secid, MAY_EXEC, MMAP_CHECK, - &pcr, &template, NULL, NULL); + current_cred(), blob.secid[0], MAY_EXEC, + MMAP_CHECK, &pcr, &template, NULL, NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -486,10 +487,12 @@ int ima_bprm_check(struct linux_binprm *bprm) { int ret; u32 secid; + struct lsmblob blob; - security_task_getsecid_subj(current, &secid); - ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK); + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + ret = process_measurement(bprm->file, current_cred(), blob.secid[0], + NULL, 0, MAY_EXEC, BPRM_CHECK); if (ret) return ret; @@ -510,10 +513,11 @@ int ima_bprm_check(struct linux_binprm *bprm) */ int ima_file_check(struct file *file, int mask) { - u32 secid; + struct lsmblob blob; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, 0, + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -689,7 +693,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, bool contents) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* * Do devices using pre-allocated memory run the risk of the 
@@ -709,8 +713,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, NULL, + security_task_getsecid_subj(current, &blob); + /* scaffolding - until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, MAY_READ, func); } @@ -739,7 +744,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id read_id) { enum ima_hooks func; - u32 secid; + struct lsmblob blob; /* permit signed certs */ if (!file && read_id == READING_X509_CERTIFICATE) @@ -752,9 +757,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, } func = read_idmap[read_id] ?: FILE_CHECK; - security_task_getsecid_subj(current, &secid); - return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func); + security_task_getsecid_subj(current, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(file, current_cred(), blob.secid[0], buf, + size, MAY_READ, func); } /** @@ -882,7 +888,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; int action = 0; - u32 secid; + struct lsmblob blob; if (digest && digest_len < digest_hash_len) return -EINVAL; @@ -905,9 +911,10 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, * buffer measurements. */ if (func) { - security_task_getsecid_subj(current, &secid); + security_task_getsecid_subj(current, &blob); + /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - secid, 0, func, &pcr, &template, + blob.secid[0], 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; 
diff --git a/security/security.c b/security/security.c index f6760b25fed0..74a7fb981904 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1905,17 +1905,30 @@ int security_task_getsid(struct task_struct *p) return call_int_hook(task_getsid, 0, p); } -void security_task_getsecid_subj(struct task_struct *p, u32 *secid) +void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_subj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_subj, + list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_subj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_subj); -void security_task_getsecid_obj(struct task_struct *p, u32 *secid) +void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob) { - *secid = 0; - call_void_hook(task_getsecid_obj, p, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_task_getsecid_obj); From patchwork Fri Sep 24 17:54:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516425 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 205F4C433EF for ; Fri, 24 Sep 2021 18:07:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0BBB061107 for ; Fri, 24 Sep 2021 18:07:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345715AbhIXSIk (ORCPT ); Fri, 24 Sep 2021 14:08:40 -0400 Received: from 
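Review bot: in the ima_bprm_check() hunk of security/integrity/ima/ima_main.c the existing `u32 secid;` declaration is left in place as context while its only user, `security_task_getsecid_subj(current, &secid);`, is removed, so secid becomes an unused local and will draw a -Wunused-variable warning. Every other function touched in this file (ima_file_mmap, ima_file_mprotect, ima_file_check, ima_read_file, ima_post_read_file, process_buffer_measurement) removes its `u32 secid;` line in the same hunk; this one should too.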
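Review bot: the scaffolding `audit_sig_sid = blob.secid[0];` in the audit_signal_info() hunk of kernel/audit.c changes which LSM's secid gets recorded. Before this patch call_void_hook() let whichever LSM implements task_getsecid_subj fill the u32; after it, slot 0 is used regardless of which LSM occupies that slot, and how slots are assigned is not visible in this patch. A build with one secid-providing LSM that is not in slot 0 would record 0 here. Either state the assumption in the comment (for example that the only LSM exporting a secid is in slot 0 until the conversion lands) or select the populated slot. The same point applies to the other "scaffolding until ... is converted" sites in this patch: __audit_ptrace(), both assignments in audit_signal_info_syscall(), netlbl_unlabel_defconf(), netlbl_netlink_auditinfo() and the IMA callers.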
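Review bot: `if (!lsmblob_is_set(&blob)) return 0;` in the audit_log_task_context() hunk of kernel/audit.c replaces `if (!sid)`, but nothing in the hunk says whether lsmblob_is_set() means any slot is non-zero or every slot is. With two stacked LSMs where only one provides a subject secid, the "any" reading proceeds to security_secid_to_secctx() with a zero in the other slot, which is a different situation from the single-secid check it replaces. A one-line comment on the intended semantics would make the early return reviewable without chasing the helper's definition.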
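Review bot: the security_task_getsecid_subj() and security_task_getsecid_obj() hunks in security/security.c each re-implement the slot-iterating loop that security_ipc_getsecid() introduced in the previous patch, differing only in the hook head and the hook member, and the two copies already format the hlist_for_each_entry() call differently (the subj loop wraps `list) {` onto its own line, the obj loop does not). A small helper or macro that takes the hook head, the hook member and the blob would leave the WARN_ON slot check in one place and keep the copies from drifting apart as more getsecid interfaces are converted.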
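Review bot: the comment `/* scaffolding the .secid[0] */` in the ima_must_appraise() hunk of security/integrity/ima/ima_appraise.c does not say what it is waiting for; the rest of this patch uses the form "scaffolding until process_measurement changes", so "scaffolding until ima_match_policy() takes a lsmblob" would match that convention and tell the next reader when the line can go.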
kubenode586.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 6a336e70ce257ef3e6f73420e83310a5; Fri, 24 Sep 2021 18:07:03 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org Subject: [PATCH v29 11/28] LSM: Use lsmblob in security_inode_getsecid Date: Fri, 24 Sep 2021 10:54:24 -0700 Message-Id: <20210924175441.7943-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Change the security_inode_getsecid() interface to fill in a lsmblob structure instead of a u32 secid. This allows for its callers to gather data from all registered LSMs. Data is provided for IMA and audit. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 7 ++++--- kernel/auditsc.c | 6 +++++- security/integrity/ima/ima_policy.c | 4 +--- security/security.c | 11 +++++++++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index de70742c30d6..5a336fa10818 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -455,7 +455,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns, void **buffer, bool alloc); int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); -void security_inode_getsecid(struct inode *inode, u32 *secid); +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob); int security_inode_copy_up(struct dentry *src, struct cred **new); int security_inode_copy_up_xattr(const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, @@ -1006,9 +1006,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, return 0; } -static inline void security_inode_getsecid(struct inode *inode, u32 *secid) +static inline void security_inode_getsecid(struct inode *inode, + struct lsmblob *blob) { - *secid = 0; + lsmblob_init(blob, 0); } static inline int security_inode_copy_up(struct dentry *src, struct cred **new) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 50e3f2f4cb49..dcd1b988a2d3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1975,13 +1975,17 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { + struct lsmblob blob; + name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &name->osid); + security_inode_getsecid(inode, &blob); + /* scaffolding until osid is updated */ + name->osid = blob.secid[0]; if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 3d9f051edd20..67c7762b2533 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -620,7 +620,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; - u32 osid; struct lsmblob lsmdata; if (!ima_lsm_isset(rule, i)) { @@ -633,8 +632,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_OBJ_USER: case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: - security_inode_getsecid(inode, &osid); - lsmblob_init(&lsmdata, osid); + security_inode_getsecid(inode, &lsmdata); rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); diff --git a/security/security.c b/security/security.c index 74a7fb981904..5fbcccbdbccd 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1549,9 +1549,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer } EXPORT_SYMBOL(security_inode_listsecurity); -void security_inode_getsecid(struct inode *inode, u32 *secid) +void security_inode_getsecid(struct inode *inode, struct lsmblob *blob) { - call_void_hook(inode_getsecid, inode, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]); + } } int security_inode_copy_up(struct dentry *src, struct cred **new) From patchwork Fri Sep 24 17:54:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516427 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B60DFC433F5 for ; Fri, 24 Sep 2021 18:08:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 97CDF61107 for ; Fri, 24 Sep 2021 18:08:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345042AbhIXSJu (ORCPT ); Fri, 24 Sep 2021 14:09:50 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com ([66.163.184.49]:33442 "EHLO sonic317-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345386AbhIXSJu (ORCPT ); Fri, 24 Sep 2021 14:09:50 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1632506896; bh=BAnSfVvP1uRJtdchoIVy7g+glXh9o7BFoC0c4oy2wJY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
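Review bot: the security_inode_getsecid() hunk in security/security.c changes more than the interface. The removed body was only `call_void_hook(inode_getsecid, inode, secid);` with no `*secid = 0;` before it, unlike the ipc and task variants converted in the two previous patches, so a kernel in which no active LSM implements inode_getsecid handed the caller whatever was already in the u32; the new `lsmblob_init(blob, 0);` zeroes every slot first. That is a behaviour fix and deserves a sentence in the commit message.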
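Review bot: `name->osid = blob.secid[0];` in the audit_copy_inode() hunk of kernel/auditsc.c carries the same slot-0 assumption as the task_getsecid scaffolding in the previous patch, while the ipc conversion two patches back assigns `context->ipc.osid = lsmblob_value(&blob);` for the same kind of audit field. The two interim assignments should agree on which LSM's secid is kept, and the comment "scaffolding until osid is updated" should say so, otherwise the ipc and inode object labels in one audit event could come from different LSMs during the transition.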
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org Subject: [PATCH v29 12/28] LSM: Use lsmblob in security_cred_getsecid Date: Fri, 24 Sep 2021 10:54:25 -0700 Message-Id: <20210924175441.7943-13-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Change the security_cred_getsecid() interface to fill in a lsmblob instead of a u32 secid. The associated data elements in the audit sub-system are changed from a secid to a lsmblob to accommodate multiple possible LSM audit users. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: linux-audit@redhat.com --- include/linux/security.h | 2 +- kernel/audit.c | 25 +++++++---------------- kernel/audit.h | 3 ++- kernel/auditsc.c | 33 +++++++++++-------------------- security/integrity/ima/ima_main.c | 8 ++++---- security/security.c | 12 ++++++++--- 6 files changed, 35 insertions(+), 48 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 5a336fa10818..58c853eabcc9 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -482,7 +482,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/kernel/audit.c b/kernel/audit.c index d92c7b894183..8ec64e6e8bc0 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
@@ -1441,29 +1441,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2352,7 +2344,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || @@ -2363,9 +2354,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_task_getsecid_subj(current, &blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = blob.secid[0]; + security_task_getsecid_subj(current, &audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index d6a2c899a8db..d43a08eabd86 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include 
@@ -137,7 +138,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index dcd1b988a2d3..b5807b9b8a4d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -111,7 +111,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -997,14 +997,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1013,9 +1013,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1590,7 +1589,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } 
@@ -1599,7 +1598,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1775,7 +1774,7 @@ void __audit_syscall_exit(int success, long return_code) context->aux = NULL; context->aux_pids = NULL; context->target_pid = 0; - context->target_sid = 0; + lsmblob_init(&context->target_lsm, 0); context->sockaddr_len = 0; context->type = 0; context->fds[0] = -1; @@ -2434,15 +2433,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2458,7 +2454,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2470,9 +2465,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = blob.secid[0]; + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } 
@@ -2493,9 +2486,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = blob.secid[0]; + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index c327f93d3962..1a4f7b00253b 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -486,7 +486,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_task_getsecid_subj(current, &blob); @@ -496,9 +495,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 5fbcccbdbccd..f5e9f2eaf5da 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1799,10 +1799,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid); From patchwork Fri Sep 24 17:54:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516457
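Review bot: the include/linux/security.h hunk at @@ -482 in 12/28 changes only the CONFIG_SECURITY prototype, and the diffstat confirms a single-line change to that header (`include/linux/security.h | 2 +-`). If a `!CONFIG_SECURITY` static inline stub of security_cred_getsecid() exists further down the header, it needs the same `struct lsmblob *blob` signature and should call `lsmblob_init(blob, 0)` in place of `*secid = 0`, otherwise the ima_main.c caller in this patch will not build in that configuration.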
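Review bot: the kernel/audit.c hunk at @@ -125 in 12/28 drops the `static` qualifier when converting the global: `-static u32 audit_sig_sid;` becomes `+struct lsmblob audit_sig_lsm;`. Every use in the patch is inside kernel/audit.c and the kernel/audit.h diffstat only shows the new include and the target_lsm member, so nothing declares this symbol externally; keep it `static struct lsmblob audit_sig_lsm;` to avoid exporting a new global and the sparse "symbol was not declared. Should it be static?" warning.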
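Review bot: the security_cred_getsecid() body added in the security/security.c hunk at @@ -1799 in 12/28 is the same lsmblob_init()/hlist_for_each_entry()/slot-check/fill sequence added to security_inode_getsecid() in 11/28, differing only in the hook head and the hook call. Since the series converts several *_getsecid interfaces this way, a small helper macro taking the hook name and the hook arguments would keep the slot validation in one place and prevent the two copies from drifting apart.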
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , linux-integrity@vger.kernel.org Subject: [PATCH v29 13/28] IMA: Change internal interfaces to use lsmblobs Date: Fri, 24 Sep 2021 10:54:26 -0700 Message-Id: <20210924175441.7943-14-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: The IMA interfaces ima_get_action() and ima_match_policy() call LSM functions that use lsmblobs. Change the IMA functions to pass the lsmblob to be compatible with the LSM functions. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org To: Mimi Zohar --- security/integrity/ima/ima.h | 6 ++--- security/integrity/ima/ima_api.c | 6 ++--- security/integrity/ima/ima_appraise.c | 3 +-- security/integrity/ima/ima_main.c | 38 +++++++++++---------------- security/integrity/ima/ima_policy.c | 17 ++++++------ 5 files changed, 31 insertions(+), 39 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 1f025ff1f011..dfa6cf5115c3 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h 
@@ -255,7 +255,7 @@ static inline void ima_process_queued_keys(void) {} /* LIM API function definitions */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); @@ -286,8 +286,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 2c6c3a5228b5..aa27f2144476 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -165,7 +165,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @mnt_userns: user namespace of the mount the inode was found from * @inode: pointer to the inode associated with the object being validated * @cred: pointer to credentials structure to validate - * @secid: secid of the task being validated + * @blob: LSM data of the task being validated * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, * MAY_APPEND) * @func: caller identifier 
@@ -186,7 +186,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * */ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, int mask, + const struct cred *cred, struct lsmblob *blob, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) @@ -195,7 +195,7 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, flags &= ima_policy_flag; - return ima_match_policy(mnt_userns, inode, cred, secid, func, mask, + return ima_match_policy(mnt_userns, inode, cred, blob, func, mask, flags, pcr, template_desc, func_data, allowed_algos); } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 2fedda131a39..d7244a5eb69d 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -77,9 +77,8 @@ int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, return 0; security_task_getsecid_subj(current, &blob); - /* scaffolding the .secid[0] */ return ima_match_policy(mnt_userns, inode, current_cred(), - blob.secid[0], func, mask, + &blob, func, mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, NULL); } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 1a4f7b00253b..4789d5256693 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -199,8 +199,8 @@ void ima_file_free(struct file *file) } static int process_measurement(struct file *file, const struct cred *cred, - u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func) + struct lsmblob *blob, char *buf, loff_t size, + int mask, enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; 
@@ -224,7 +224,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * bitmask based on the appraise/audit/measurement policy. * Included is the appraise submask. */ - action = ima_get_action(file_mnt_user_ns(file), inode, cred, secid, + action = ima_get_action(file_mnt_user_ns(file), inode, cred, blob, mask, func, &pcr, &template_desc, NULL, &allowed_algos); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && @@ -409,8 +409,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid_subj(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], + return process_measurement(file, current_cred(), &blob, NULL, 0, MAY_EXEC, MMAP_CHECK); } @@ -450,8 +449,8 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) security_task_getsecid_subj(current, &blob); inode = file_inode(vma->vm_file); action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode, - current_cred(), blob.secid[0], MAY_EXEC, - MMAP_CHECK, &pcr, &template, NULL, NULL); + current_cred(), &blob, MAY_EXEC, MMAP_CHECK, + &pcr, &template, NULL, NULL); /* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) 
@@ -489,16 +488,14 @@ int ima_bprm_check(struct linux_binprm *bprm) struct lsmblob blob; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - ret = process_measurement(bprm->file, current_cred(), blob.secid[0], - NULL, 0, MAY_EXEC, BPRM_CHECK); + ret = process_measurement(bprm->file, current_cred(), &blob, NULL, 0, + MAY_EXEC, BPRM_CHECK); if (ret) return ret; security_cred_getsecid(bprm->cred, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(bprm->file, bprm->cred, blob.secid[0], - NULL, 0, MAY_EXEC, CREDS_CHECK); + return process_measurement(bprm->file, bprm->cred, &blob, NULL, 0, + MAY_EXEC, CREDS_CHECK); } /** @@ -516,8 +513,7 @@ int ima_file_check(struct file *file, int mask) struct lsmblob blob; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, 0, + return process_measurement(file, current_cred(), &blob, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND), FILE_CHECK); } @@ -714,9 +710,8 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, /* Read entire file for all partial reads. */ func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid_subj(current, &blob); - /* scaffolding - until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], NULL, - 0, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, NULL, 0, + MAY_READ, func); } const int read_idmap[READING_MAX_ID] = { 
@@ -758,9 +753,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid_subj(current, &blob); - /* scaffolding until process_measurement changes */ - return process_measurement(file, current_cred(), blob.secid[0], buf, - size, MAY_READ, func); + return process_measurement(file, current_cred(), &blob, buf, size, + MAY_READ, func); } /** @@ -914,7 +908,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, security_task_getsecid_subj(current, &blob); /* scaffolding */ action = ima_get_action(mnt_userns, inode, current_cred(), - blob.secid[0], 0, func, &pcr, &template, + &blob, 0, func, &pcr, &template, func_data, NULL); if (!(action & IMA_MEASURE) && !digest) return -ENOENT; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 67c7762b2533..99d6f6499094 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -560,7 +560,7 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, * @mnt_userns: user namespace of the mount the inode was found from * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation - * @secid: the secid of the task to be validated + * @blob: the lsm data of the task to be validated * @func: LIM hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @func_data: func specific data, may be NULL @@ -570,8 +570,8 @@ static bool ima_match_rule_data(struct ima_rule_entry *rule, static bool ima_match_rules(struct ima_rule_entry *rule, struct user_namespace *mnt_userns, struct inode *inode, const struct cred *cred, - u32 secid, enum ima_hooks func, int mask, - const char *func_data) + struct lsmblob *blob, enum ima_hooks func, + int mask, const char *func_data) { int i; 
@@ -640,8 +640,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - lsmblob_init(&lsmdata, secid); - rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type, + rc = ima_filter_rule_match(blob, rule->lsm[i].type, Audit_equal, rule->lsm[i].rule); break; @@ -685,7 +684,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @inode: pointer to an inode for which the policy decision is being made * @cred: pointer to a credentials structure for which the policy decision is * being made - * @secid: LSM secid of the task to be validated + * @blob: LSM data of the task to be validated * @func: IMA hook identifier * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend @@ -701,8 +700,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * than writes so ima_match_policy() is classical RCU candidate. */ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, - const struct cred *cred, u32 secid, enum ima_hooks func, - int mask, int flags, int *pcr, + const struct cred *cred, struct lsmblob *blob, + enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, const char *func_data, unsigned int *allowed_algos) { 
@@ -718,7 +717,7 @@ int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode, if (!(entry->action & actmask)) continue; - if (!ima_match_rules(entry, mnt_userns, inode, cred, secid, + if (!ima_match_rules(entry, mnt_userns, inode, cred, blob, func, mask, func_data)) continue; From patchwork Fri Sep 24 17:54:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516459
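Review bot: the `/* scaffolding */` comment kept above the ima_get_action() call in process_buffer_measurement() (security/integrity/ima/ima_main.c hunk at @@ -914 in 13/28) is now stale: the `blob.secid[0]` extraction it referred to is replaced by `&blob` in the same hunk, so the comment should be removed along with the other scaffolding comments this patch deletes.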
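Review bot: the kerneldoc wording for the new parameter is inconsistent across 13/28: the ima_match_rules() comment in security/integrity/ima/ima_policy.c at @@ -560 reads `@blob: the lsm data of the task to be validated`, while ima_api.c at @@ -165 and the ima_match_policy() comment at @@ -685 use "LSM data". Use "LSM data of the task to be validated" in all three so the documentation for ima_match_rules(), ima_match_policy() and ima_get_action() describes the same argument the same way.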
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Greg Kroah-Hartman , linux-api@vger.kernel.org, linux-doc@vger.kernel.org
Subject: [PATCH v29 14/28] LSM: Specify which LSM to display
Date: Fri, 24 Sep 2021 10:54:27 -0700
Message-Id: <20210924175441.7943-15-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:

Create a new entry "interface_lsm" in the procfs attr directory for
controlling which LSM security information is displayed for a process.
A process can only read or write its own display value.

The name of an active LSM that supplies hooks for human readable data
may be written to "interface_lsm" to set the value. The name of the LSM
currently in use can be read from "interface_lsm". At this point there
can only be one LSM capable of display active. A helper function
lsm_task_ilsm() is provided to get the interface lsm slot for a
task_struct.

Setting the "interface_lsm" requires that all security modules using
setprocattr hooks allow the action. Each security module is responsible
for defining its policy.

AppArmor hook provided by John Johansen
SELinux hook provided by Stephen Smalley
Signed-off-by: Casey Schaufler Cc: Kees Cook Cc: Stephen Smalley Cc: Paul Moore Cc: John Johansen Cc: Greg Kroah-Hartman Cc: linux-api@vger.kernel.org Cc: linux-doc@vger.kernel.org --- .../ABI/testing/procfs-attr-lsm_display | 22 +++ Documentation/security/lsm.rst | 14 ++ fs/proc/base.c | 1 + include/linux/lsm_hooks.h | 17 ++ security/apparmor/include/apparmor.h | 3 +- security/apparmor/lsm.c | 32 ++++ security/security.c | 166 ++++++++++++++++-- security/selinux/hooks.c | 11 ++ security/selinux/include/classmap.h | 2 +- security/smack/smack_lsm.c | 7 + 10 files changed, 256 insertions(+), 19 deletions(-) create mode 100644 Documentation/ABI/testing/procfs-attr-lsm_display diff --git a/Documentation/ABI/testing/procfs-attr-lsm_display b/Documentation/ABI/testing/procfs-attr-lsm_display new file mode 100644 index 000000000000..0f60005c235c --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-lsm_display @@ -0,0 +1,22 @@ +What: /proc/*/attr/lsm_display +Contact: linux-security-module@vger.kernel.org, +Description: The name of the Linux security module (LSM) that will + provide information in the /proc/*/attr/current, + /proc/*/attr/prev and /proc/*/attr/exec interfaces. + The details of permissions required to read from + this interface are dependent on the LSMs active on the + system. + A process cannot write to this interface unless it + refers to itself. + The other details of permissions required to write to + this interface are dependent on the LSMs active on the + system. + The format of the data used by this interface is a + text string identifying the name of an LSM. The values + accepted are: + selinux - the SELinux LSM + smack - the Smack LSM + apparmor - The AppArmor LSM + By convention the LSM names are lower case and do not + contain special characters. +Users: LSM user-space diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index 6a2a2e973080..b77b4a540391 100644 --- a/Documentation/security/lsm.rst 
+++ b/Documentation/security/lsm.rst @@ -129,3 +129,17 @@ to identify it as the first security module to be registered. The capabilities security module does not use the general security blobs, unlike other modules. The reasons are historical and are based on overhead, complexity and performance concerns. + +LSM External Interfaces +======================= + +The LSM infrastructure does not generally provide external interfaces. +The individual security modules provide what external interfaces they +require. + +The file ``/sys/kernel/security/lsm`` provides a comma +separated list of the active security modules. + +The file ``/proc/pid/attr/interface_lsm`` contains the name of the security +module for which the ``/proc/pid/attr/current`` interface will +apply. This interface can be written to. diff --git a/fs/proc/base.c b/fs/proc/base.c index 533d5836eb9a..65da9d2f3060 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2823,6 +2823,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "fscreate", 0666), ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), + ATTR(NULL, "interface_lsm", 0666), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index c61a16f0a5bc..d2c4bc94d47f 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1686,4 +1686,21 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, extern int lsm_inode_alloc(struct inode *inode); +/** + * lsm_task_ilsm - the "interface_lsm" for this task + * @task: The task to report on + * + * Returns the task's interface LSM slot. + */ +static inline int lsm_task_ilsm(struct task_struct *task) +{ +#ifdef CONFIG_SECURITY + int *ilsm = task->security; + + if (ilsm) + return *ilsm; +#endif + return LSMBLOB_INVALID; +} + #endif /* ! __LINUX_LSM_HOOKS_H */ 
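Review bot: the new ABI file is named procfs-attr-lsm_display and its What: line documents /proc/*/attr/lsm_display, but fs/proc/base.c, lsm.rst and every setprocattr hook in this patch call the entry "interface_lsm"; rename the file and the What: line (procfs-attr-interface_lsm, /proc/*/attr/interface_lsm) so the documented path is the one that exists. The two documents also disagree on scope: lsm.rst says interface_lsm selects the module for /proc/pid/attr/current only, while the ABI file says it covers current, prev and exec, and the ABI Description: lists selinux, smack and apparmor without saying that only a currently active module is accepted, which is what the lsm_slotlist lookup in security_setprocattr enforces. Two smaller points: the Contact: line ends in a stray comma, and lsm_task_ilsm() reads task->security as an int *, which is only valid because security/security.c in this patch reserves the first sizeof(long) bytes of every task blob for this slot; state that dependency in the helper's kerneldoc so a later change to blob_sizes.lbs_task does not silently break it.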
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h index 1fbabdb565a8..b1622fcb4394 100644 --- a/security/apparmor/include/apparmor.h +++ b/security/apparmor/include/apparmor.h @@ -28,8 +28,9 @@ #define AA_CLASS_SIGNAL 10 #define AA_CLASS_NET 14 #define AA_CLASS_LABEL 16 +#define AA_CLASS_DISPLAY_LSM 17 -#define AA_CLASS_LAST AA_CLASS_LABEL +#define AA_CLASS_LAST AA_CLASS_DISPLAY_LSM /* Control parameters settable through module/boot flags */ extern enum audit_mode aa_g_audit; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 392e25940d1f..4237536106aa 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -621,6 +621,25 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, return error; } + +static int profile_interface_lsm(struct aa_profile *profile, + struct common_audit_data *sa) +{ + struct aa_perms perms = { }; + unsigned int state; + + state = PROFILE_MEDIATES(profile, AA_CLASS_DISPLAY_LSM); + if (state) { + aa_compute_perms(profile->policy.dfa, state, &perms); + aa_apply_modes_to_perms(profile, &perms); + aad(sa)->label = &profile->label; + + return aa_check_perms(profile, &perms, AA_MAY_WRITE, sa, NULL); + } + + return 0; +} + static int apparmor_setprocattr(const char *name, void *value, size_t size) { @@ -632,6 +651,19 @@ static int apparmor_setprocattr(const char *name, void *value, if (size == 0) return -EINVAL; + /* LSM infrastructure does actual setting of interface_lsm if allowed */ + if (!strcmp(name, "interface_lsm")) { + struct aa_profile *profile; + struct aa_label *label; + + aad(&sa)->info = "set interface lsm"; + label = begin_current_label_crit_section(); + error = fn_for_each_confined(label, profile, + profile_interface_lsm(profile, &sa)); + end_current_label_crit_section(label); + return error; + } + /* AppArmor requires that the buffer must be null terminated atm */ if (args[size - 1] != '\0') { /* null terminate */ 
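Review bot: profile_interface_lsm returns 0 when PROFILE_MEDIATES(profile, AA_CLASS_DISPLAY_LSM) finds no state, so a confined profile compiled before the new class existed permits the interface_lsm change by default; that follows the usual AppArmor convention for unmediated classes, but it is a policy-visible default and deserves a sentence in the commit message. Placing the check ahead of the null-termination requirement in apparmor_setprocattr is right, since the value is not parsed here and the comment already says the infrastructure does the actual setting. Minor: the class is named AA_CLASS_DISPLAY_LSM while the attribute it mediates is "interface_lsm"; if the "display" naming is intentional, a comment at the define pointing at the attribute name would help policy writers.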
diff --git a/security/security.c b/security/security.c index f5e9f2eaf5da..863d6f77df2e 100644 --- a/security/security.c +++ b/security/security.c @@ -78,7 +78,16 @@ static struct kmem_cache *lsm_file_cache; static struct kmem_cache *lsm_inode_cache; char *lsm_names; -static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init; + +/* + * The task blob includes the "interface_lsm" slot used for + * chosing which module presents contexts. + * Using a long to avoid potential alignment issues with + * module assigned task blobs. + */ +static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init = { + .lbs_task = sizeof(long), +}; /* Boot-time LSM user choice */ static __initdata const char *chosen_lsm_order; @@ -672,6 +681,8 @@ int lsm_inode_alloc(struct inode *inode) */ static int lsm_task_alloc(struct task_struct *task) { + int *ilsm; + if (blob_sizes.lbs_task == 0) { task->security = NULL; return 0; @@ -680,6 +691,15 @@ static int lsm_task_alloc(struct task_struct *task) task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); if (task->security == NULL) return -ENOMEM; + + /* + * The start of the task blob contains the "interface" LSM slot number. + * Start with it set to the invalid slot number, indicating that the + * default first registered LSM be displayed. + */ + ilsm = task->security; + *ilsm = LSMBLOB_INVALID; + return 0; } @@ -1735,14 +1755,26 @@ int security_file_open(struct file *file) int security_task_alloc(struct task_struct *task, unsigned long clone_flags) { + int *oilsm = current->security; + int *nilsm; int rc = lsm_task_alloc(task); - if (rc) + if (unlikely(rc)) return rc; + rc = call_int_hook(task_alloc, 0, task, clone_flags); - if (unlikely(rc)) + if (unlikely(rc)) { security_task_free(task); - return rc; + return rc; + } + + if (oilsm) { + nilsm = task->security; + if (nilsm) + *nilsm = *oilsm; + } + + return 0; } void security_task_free(struct task_struct *task) 
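Review bot: two small things in the security.c hunks: the new comment above blob_sizes misspells "choosing" as "chosing", and the change from `if (rc)` to `if (unlikely(rc))` on the lsm_task_alloc() result in security_task_alloc is unrelated to this patch and could be dropped to keep the diff focused. The parent-to-child copy of the interface slot after the task_alloc hooks is otherwise fine: lsm_task_alloc has already set *nilsm to LSMBLOB_INVALID, so the child falls back to the default module when oilsm is NULL, and a hook failure still takes the security_task_free path before the copy.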
@@ -2174,23 +2206,110 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * lsm_slot will be 0 if there are no displaying modules. + */ + if (lsm_slot == 0) + return -EINVAL; + + /* + * Only allow getting the current process' interface_lsm. + * There are too few reasons to get another process' + * interface_lsm and too many LSM policy issues. + */ + if (current != p) + return -EINVAL; + + ilsm = lsm_task_ilsm(p); + if (ilsm != LSMBLOB_INVALID) + slot = ilsm; + *value = kstrdup(lsm_slotlist[slot]->lsm, GFP_KERNEL); + if (*value) + return strlen(*value); + return -ENOMEM; + } hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && ilsm != LSMBLOB_INVALID && + ilsm != hp->lsmid->slot) + continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } +/** + * security_setprocattr - Set process attributes via /proc + * @lsm: name of module involved, or NULL + * @name: name of the attribute + * @value: value to set the attribute to + * @size: size of the value + * + * Set the process attribute for the specified security module + * to the specified value. Note that this can only be used to set + * the process attributes for the current, or "self" process. + * The /proc code has already done this check. + * + * Returns 0 on success, an appropriate code otherwise. + */ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size) { struct security_hook_list *hp; + char *termed; + char *copy; + int *ilsm = current->security; + int rc = -EINVAL; + int slot = 0; + + if (!strcmp(name, "interface_lsm")) { + /* + * Change the "interface_lsm" value only if all the security + * modules that support setting a procattr allow it. 
+ * It is assumed that all such security modules will be + * cooperative. + */ + if (size == 0) + return -EINVAL; + + hlist_for_each_entry(hp, &security_hook_heads.setprocattr, + list) { + rc = hp->hook.setprocattr(name, value, size); + if (rc < 0) + return rc; + } + + rc = -EINVAL; + + copy = kmemdup_nul(value, size, GFP_KERNEL); + if (copy == NULL) + return -ENOMEM; + + termed = strsep(©, " \n"); + + for (slot = 0; slot < lsm_slot; slot++) + if (!strcmp(termed, lsm_slotlist[slot]->lsm)) { + *ilsm = lsm_slotlist[slot]->slot; + rc = size; + break; + } + + kfree(termed); + return rc; + } hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; + if (lsm == NULL && *ilsm != LSMBLOB_INVALID && + *ilsm != hp->lsmid->slot) + continue; return hp->hook.setprocattr(name, value, size); } return LSM_RET_DEFAULT(setprocattr); @@ -2210,15 +2329,15 @@ EXPORT_SYMBOL(security_ismaclabel); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secid_to_secctx(blob->secid[hp->lsmid->slot], - secdata, seclen); - if (rc != LSM_RET_DEFAULT(secid_to_secctx)) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secid_to_secctx( + blob->secid[hp->lsmid->slot], + secdata, seclen); } return LSM_RET_DEFAULT(secid_to_secctx); 
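Review bot: security_setprocattr dereferences `*ilsm` (current->security) without a NULL check, both in the interface_lsm branch (`*ilsm = lsm_slotlist[slot]->slot;`) and in the generic hook loop (`*ilsm != LSMBLOB_INVALID`), while lsm_task_ilsm() and security_task_alloc() guard the same pointer. With lbs_task fixed at sizeof(long) the task blob is always allocated, so either use lsm_task_ilsm(current) here as well or document the invariant and drop the guards elsewhere; mixing the two styles invites a later copy that gets it wrong. In the same region: security_getprocattr re-reads `ilsm = lsm_task_ilsm(p)` after establishing `current == p`, which duplicates the initialiser at the top of the function; returning -EINVAL when another process's interface_lsm is requested reads more like -EPERM, since the request is well formed but not allowed; and the write path depends on every module that registers a setprocattr hook recognising the "interface_lsm" name and returning 0 or a permission error (a module that returns -EINVAL for names it does not know would make the write fail for everyone), so that contract belongs in the setprocattr hook documentation in lsm_hooks.h rather than only in the comment here.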
@@ -2229,16 +2348,15 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob) { struct security_hook_list *hp; - int rc; + int ilsm = lsm_task_ilsm(current); lsmblob_init(blob, 0); hlist_for_each_entry(hp, &security_hook_heads.secctx_to_secid, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - rc = hp->hook.secctx_to_secid(secdata, seclen, - &blob->secid[hp->lsmid->slot]); - if (rc != 0) - return rc; + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.secctx_to_secid(secdata, seclen, + &blob->secid[hp->lsmid->slot]); } return 0; } @@ -2246,7 +2364,14 @@ EXPORT_SYMBOL(security_secctx_to_secid); void security_release_secctx(char *secdata, u32 seclen) { - call_void_hook(release_secctx, secdata, seclen); + struct security_hook_list *hp; + int ilsm = lsm_task_ilsm(current); + + hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + hp->hook.release_secctx(secdata, seclen); + return; + } } EXPORT_SYMBOL(security_release_secctx); @@ -2387,8 +2512,15 @@ EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, int __user *optlen, unsigned len) { - return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, - optval, optlen, len); + int ilsm = lsm_task_ilsm(current); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, + list) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + return hp->hook.socket_getpeersec_stream(sock, optval, + optlen, len); + return -ENOPROTOOPT; } int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 824a0df03aca..06974ad48b9d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
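Review bot: security_release_secctx now dispatches only to the module in current's interface slot instead of calling every release hook, and security_secid_to_secctx (previous hunk) chooses the allocating module by the same rule, so the two agree only while the task does not write interface_lsm between allocating and releasing a context and the release runs under the same current as the allocation. A caller that obtains a context in one task and frees it from another, or from a context where current is unrelated to the requester, can hand the string to the wrong module's release hook. Patch 15/28 in this series adds struct lsmcontext with a slot field to carry the allocating module; either order that before this change or state here that this dispatch is transitional. Two further behaviour changes deserve a line in the commit message: with ilsm == LSMBLOB_INVALID, secid_to_secctx now returns the first module in hook order instead of trying each module until one returns a non-default value, and secctx_to_secid now fills a single slot of the blob where the old loop filled every module's slot. The socket_getpeersec_stream change follows the same pattern and inherits the same caveat.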
@@ -6504,6 +6504,17 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) /* * Basic control over ability to set these attributes at all. */ + + /* + * For setting interface_lsm, we only perform a permission check; + * the actual update to the interface_lsm value is handled by the + * LSM framework. + */ + if (!strcmp(name, "interface_lsm")) + return avc_has_perm(&selinux_state, + mysid, mysid, SECCLASS_PROCESS2, + PROCESS2__SETDISPLAY, NULL); + if (!strcmp(name, "exec")) error = avc_has_perm(&selinux_state, mysid, mysid, SECCLASS_PROCESS, diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index 084757ff4390..2c68408491c2 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -53,7 +53,7 @@ struct security_class_mapping secclass_map[] = { "execmem", "execstack", "execheap", "setkeycreate", "setsockcreate", "getrlimit", NULL } }, { "process2", - { "nnp_transition", "nosuid_transition", NULL } }, + { "nnp_transition", "nosuid_transition", "setdisplay", NULL } }, { "system", { "ipc_info", "syslog_read", "syslog_mod", "syslog_console", "module_request", "module_load", NULL } }, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 9474fcdaf002..654b8a66df3c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
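Review bot: the new permission is called setdisplay in the process2 class while the proc entry it guards is named interface_lsm (the AppArmor class in this patch is likewise AA_CLASS_DISPLAY_LSM); if the policy-facing name is going to stay "display", the ABI file should mention it so policy writers can find the permission that controls the write. The check itself, mysid as both source and target with PROCESS2__SETDISPLAY, matches the pattern of the other setprocattr checks in this function, and returning the avc result directly before the `error` flow is consistent with the comment that the framework does the actual update.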
@@ -3508,6 +3508,13 @@ static int smack_setprocattr(const char *name, void *value, size_t size) struct smack_known_list_elem *sklep; int rc; + /* + * Allow the /proc/.../attr/current and SO_PEERSEC "interface_lsm" + * to be reset at will. + */ + if (strcmp(name, "interface_lsm") == 0) + return 0; + if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) return -EPERM;

From patchwork Fri Sep 24 17:54:28 2021
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12516461
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Chuck Lever , linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH v29 15/28] LSM: Ensure the correct LSM context releaser
Date: Fri, 24 Sep 2021 10:54:28 -0700
Message-Id: <20210924175441.7943-16-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:

Add a new lsmcontext data structure to hold all the information about
a "security context", including the string, its size and which LSM
allocated the string. The allocation information is necessary because
LSMs have different policies regarding the lifecycle of these strings.
SELinux allocates and destroys them on each use, whereas Smack provides
a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Chuck Lever
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index d17a34445dcd..36e41b9e08fd 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2461,6 +2461,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -2772,7 +2773,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; 
@@ -3114,8 +3116,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 159a1ffa4f4b..c61a8432dac5 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1375,12 +1375,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index e1214bb6b7ee..71004670455b 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -136,8 +136,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 7abeccb975b2..089ec4b61ef1 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
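Review bot: every release site converted so far (both binder_transaction error paths, ceph_release_acl_sec_ctx, nfs4_label_release_security) passes slot 0 to lsmcontext_init and marks it scaffolding, so the struct does not yet record which module allocated the string, which is the reason the commit message gives for introducing it. Say in the commit message which later patch has security_secid_to_secctx fill in the slot, and consider a named constant instead of a bare 0 for "allocator not yet recorded" so the scaffolding call sites are easy to grep for and remove. Minor: the function-scope `struct lsmcontext scaff` in binder_transaction serving two separate error paths is fine, but the ceph version wraps its declaration in #ifdef CONFIG_CEPH_FS_SECURITY_LABEL while the binder and nfs versions do not need a guard; worth a glance to make sure the unguarded ones cannot end up unused under some configs.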
@@ -2844,6 +2844,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3345,8 +3346,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 58c853eabcc9..580eec268138 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -134,6 +134,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
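Review bot: in the struct lsmcontext hunk, the kerneldoc for lsmcontext_init names its parameter @size while the field it fills is len, and the slot comment ("Identifies the module") does not say what a caller that does not know the allocator should pass, even though every caller in this patch passes 0; document both, including whether 0 or LSMBLOB_INVALID is the "unknown" value. In the nfsd hunk just above, contextlen is an int being passed into the u32 size parameter; that was already the case with the old security_release_secctx(char *, u32) signature, so it is not a regression, but since the call is being rewritten anyway it is a good moment to make the types agree.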
@@ -551,7 +582,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1415,7 +1446,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index 8ec64e6e8bc0..c17ec23158c4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); @@ -2132,6 +2136,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_task_getsecid_subj(current, &blob); if (!lsmblob_is_set(&blob)) @@ -2145,7 +2150,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b5807b9b8a4d..1b1ddd62de6c 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1002,6 +1002,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1019,7 +1020,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1232,6 +1234,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1266,7 +1269,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1417,6 +1421,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1425,7 +1430,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index cb10b5f03cf4..bf32ab6f81c7 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index daf554915e07..de223234963d 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -342,6 +342,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -362,7 +363,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 79c280d1efce..3fcf44342b14 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index bb97e8af8345..3603bd938b74 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; @@ -626,8 +627,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -635,8 +638,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 15b53fc4e83f..7cb6f27c8cb2 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index 863d6f77df2e..e9a56d44ab6e 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2362,16 +2362,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
From patchwork Fri Sep 24 17:54:29 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516463
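Review bot: In the security/security.c hunk above, security_release_secctx() now leaks silently when no hook's lsmid->slot equals cp->slot: the loop falls through to the memset() and the string the module allocated is never handed back to it. The removed code had the LSMBLOB_INVALID fallback; a WARN_ONCE() on the no-match case would turn a caller passing the wrong slot into a visible warning instead of a quiet leak. The memset() also resets cp->slot to 0, which is a real module slot, so a second release of the same struct would still dispatch to the slot-0 module with a NULL context and length 0; clearing the slot to LSMBLOB_INVALID would make a double release a no-op.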
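Review bot: In the include/linux/security.h hunk that adds struct lsmcontext and lsmcontext_init(), every caller converted in this patch (nfsd4_encode_fattr, scm_passec, audit_receive_msg, audit_log_task_context, the netfilter and netlabel sites) fills the slot with a literal 0, so with the new security_release_secctx() the release is always routed to the module in slot 0 whatever module produced the string, and the per-task lsm_task_ilsm(current) lookup is gone. The "scaffolding" comments mark the sites, but the kernel-doc for lsmcontext_init() only says "@slot: Which LSM provided the context"; it should state that callers passing 0 are relying on the producing module being in slot 0 until the follow-up conversion lands, so the assumption is documented where the next reader will look.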
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: [PATCH v29 16/28] LSM: Use lsmcontext in security_secid_to_secctx
Date: Fri, 24 Sep 2021 10:54:29 -0700
Message-Id: <20210924175441.7943-17-casey@schaufler-ca.com>
In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com>
References: <20210924175441.7943-1-casey@schaufler-ca.com>

Replace the (secctx,seclen) pointer pair with a single lsmcontext pointer to allow return of the LSM identifier along with the context and context length. This allows security_release_secctx() to know how to release the context. Callers have been modified to use or save the returned data from the new structure.

Reviewed-by: Kees Cook
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
---
 drivers/android/binder.c | 26 +++++++---------
 include/linux/security.h | 4 +--
 include/net/scm.h | 9 ++----
 kernel/audit.c | 39 +++++++++++-------------
 kernel/auditsc.c | 31 +++++++------------
 net/ipv4/ip_sockglue.c | 8 ++---
 net/netfilter/nf_conntrack_netlink.c | 18 +++++------
 net/netfilter/nf_conntrack_standalone.c | 7 ++---
 net/netfilter/nfnetlink_queue.c | 5 +++-
 net/netlabel/netlabel_unlabeled.c | 40 ++++++++-----------------
 net/netlabel/netlabel_user.c | 7 ++---
 security/security.c | 10 +++++--
 12 files changed, 81 insertions(+), 123 deletions(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 36e41b9e08fd..1159b4e44b28 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c @@ -2459,9 +2459,7 @@ static void binder_transaction(struct binder_proc *proc, binder_size_t last_fixup_min_off = 0; struct binder_context *context = proc->context; int t_debug_id = atomic_inc_return(&binder_last_id); - char *secctx = NULL; - u32 secctx_sz = 0; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext lsmctx = { }; e = binder_transaction_log_add(&binder_transaction_log); e->debug_id = t_debug_id; @@ -2724,14 +2722,14 @@ static void binder_transaction(struct binder_proc *proc, * case well anyway. */ security_task_getsecid_obj(proc->tsk, &blob); - ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); + ret = security_secid_to_secctx(&blob, &lsmctx); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; return_error_line = __LINE__; goto err_get_secctx_failed; } - added_size = ALIGN(secctx_sz, sizeof(u64)); + added_size = ALIGN(lsmctx.len, sizeof(u64)); extra_buffers_size += added_size; if (extra_buffers_size < added_size) { /* integer overflow of extra_buffers_size */ @@ -2758,24 +2756,22 @@ static void binder_transaction(struct binder_proc *proc, t->buffer = NULL; goto err_binder_alloc_buf_failed; } - if (secctx) { + if (lsmctx.context) { int err; size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) + ALIGN(tr->offsets_size, sizeof(void *)) + ALIGN(extra_buffers_size, sizeof(void *)) - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; err = binder_alloc_copy_to_buffer(&target_proc->alloc, t->buffer, buf_offset, - secctx, secctx_sz); + lsmctx.context, lsmctx.len); if (err) { t->security_ctx = 0; WARN_ON(1); } - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - secctx = NULL; + security_release_secctx(&lsmctx); } t->buffer->debug_id = t->debug_id; t->buffer->transaction = t; 
@@ -2832,7 +2828,7 @@ static void binder_transaction(struct binder_proc *proc, off_end_offset = off_start_offset + tr->offsets_size; sg_buf_offset = ALIGN(off_end_offset, sizeof(void *)); sg_buf_end_offset = sg_buf_offset + extra_buffers_size - - ALIGN(secctx_sz, sizeof(u64)); + ALIGN(lsmctx.len, sizeof(u64)); off_min = 0; for (buffer_offset = off_start_offset; buffer_offset < off_end_offset; buffer_offset += sizeof(binder_size_t)) { @@ -3116,10 +3112,8 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) { - lsmcontext_init(&scaff, secctx, secctx_sz, 0); - security_release_secctx(&scaff); - } + if (lsmctx.context) + security_release_secctx(&lsmctx); err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/include/linux/security.h b/include/linux/security.h index 580eec268138..eed281367895 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -579,7 +579,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1434,7 +1434,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - char **secdata, u32 *seclen) + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index f273c4d777ec..b77a52f93389 100644 --- a/include/net/scm.h +++ b/include/net/scm.h 
@@ -94,8 +94,6 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen; int err; if (test_bit(SOCK_PASSSEC, &sock->flags)) { @@ -103,12 +101,11 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (!err) { - put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - /*scaffolding*/ - lsmcontext_init(&context, secdata, seclen, 0); + put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, + context.context); security_release_secctx(&context); } } diff --git a/kernel/audit.c b/kernel/audit.c index c17ec23158c4..841123390d41 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1190,9 +1190,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_buffer *ab; u16 msg_type = nlh->nlmsg_type; struct audit_sig_info *sig_data; - char *ctx = NULL; - u32 len; - struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1440,33 +1437,34 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) kfree(new); break; } - case AUDIT_SIGNAL_INFO: - len = 0; + case AUDIT_SIGNAL_INFO: { + struct lsmcontext context = { }; + int len = 0; + if (lsmblob_is_set(&audit_sig_lsm)) { - err = security_secid_to_secctx(&audit_sig_lsm, &ctx, - &len); + err = security_secid_to_secctx(&audit_sig_lsm, + &context); if (err) return err; } - sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); + sig_data = kmalloc(sizeof(*sig_data) + context.len, GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) { - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); - } + if (lsmblob_is_set(&audit_sig_lsm)) + security_release_secctx(&context); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { - memcpy(sig_data->ctx, ctx, len); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + len = context.len; + memcpy(sig_data->ctx, context.context, len); + security_release_secctx(&context); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); kfree(sig_data); break; + } case AUDIT_TTY_GET: { struct audit_tty_status s; unsigned int t; 
@@ -2132,26 +2130,23 @@ void audit_log_key(struct audit_buffer *ab, char *key) int audit_log_task_context(struct audit_buffer *ab) { - char *ctx = NULL; - unsigned len; int error; struct lsmblob blob; - struct lsmcontext scaff; /* scaffolding */ + struct lsmcontext context; security_task_getsecid_subj(current, &blob); if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &ctx, &len); + error = security_secid_to_secctx(&blob, &context); if (error) { if (error != -EINVAL) goto error_path; return 0; } - audit_log_format(ab, " subj=%s", ctx); - lsmcontext_init(&scaff, ctx, len, 0); - security_release_secctx(&scaff); + audit_log_format(ab, " subj=%s", context.context); + security_release_secctx(&context); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 1b1ddd62de6c..d198f307a4d8 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1002,9 +1002,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmcxt; - char *ctx = NULL; - u32 len; + struct lsmcontext lsmctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1015,13 +1013,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &ctx, &len)) { + if (security_secid_to_secctx(blob, &lsmctx)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } audit_log_format(ab, " ocomm="); 
@@ -1234,7 +1231,6 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) static void show_special(struct audit_context *context, int *call_panic) { - struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1259,17 +1255,15 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (osid) { - char *ctx = NULL; - u32 len; + struct lsmcontext lsmcxt; struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmcxt)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); + audit_log_format(ab, " obj=%s", lsmcxt.context); security_release_secctx(&lsmcxt); } } @@ -1418,20 +1412,17 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, MAJOR(n->rdev), MINOR(n->rdev)); if (n->osid != 0) { - char *ctx = NULL; - u32 len; struct lsmblob blob; - struct lsmcontext lsmcxt; + struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (security_secid_to_secctx(&blob, &lsmctx)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; } else { - audit_log_format(ab, " obj=%s", ctx); - lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ - security_release_secctx(&lsmcxt); + audit_log_format(ab, " obj=%s", lsmctx.context); + security_release_secctx(&lsmctx); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index bf32ab6f81c7..588e4d2dcd15 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -132,8 +132,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { struct lsmcontext context; struct lsmblob lb; - char *secdata; - u32 seclen, secid; + u32 secid; int err; err = security_socket_getpeersec_dgram(NULL, skb, &secid); 
@@ -141,12 +140,11 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &secdata, &seclen); + err = security_secid_to_secctx(&lb, &context); if (err) return; - put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + put_cmsg(msg, SOL_IP, SCM_SECURITY, context.len, context.context); security_release_secctx(&context); } diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index de223234963d..0c3e1a8aaf2b 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -339,8 +339,7 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct) static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) { struct nlattr *nest_secctx; - int len, ret; - char *secctx; + int ret; struct lsmblob blob; struct lsmcontext context; @@ -348,7 +347,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return 0; @@ -357,13 +356,12 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) if (!nest_secctx) goto nla_put_failure; - if (nla_put_string(skb, CTA_SECCTX_NAME, secctx)) + if (nla_put_string(skb, CTA_SECCTX_NAME, context.context)) goto nla_put_failure; nla_nest_end(skb, nest_secctx); ret = 0; nla_put_failure: - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); return ret; } 
@@ -658,15 +656,15 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) #ifdef CONFIG_NF_CONNTRACK_SECMARK int len, ret; struct lsmblob blob; + struct lsmcontext context; - /* lsmblob_init() puts ct->secmark into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, NULL, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return 0; + len = context.len; + security_release_secctx(&context); + return nla_total_size(0) /* CTA_SECCTX */ + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */ #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 3fcf44342b14..c8825e89a21e 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -176,19 +176,16 @@ static void ct_seq_stop(struct seq_file *s, void *v) static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) { int ret; - u32 len; - char *secctx; struct lsmblob blob; struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &secctx, &len); + ret = security_secid_to_secctx(&blob, &context); if (ret) return; - seq_printf(s, "secctx=%s ", secctx); + seq_printf(s, "secctx=%s ", context.context); - lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ security_release_secctx(&context); } #else diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 3603bd938b74..4490bcb2a8b6 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -306,6 +306,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; + struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) return 0; 
@@ -317,10 +318,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, secdata, &seclen); + security_secid_to_secctx(&blob, &context); + *secdata = context.context; } read_unlock_bh(&skb->sk->sk_callback_lock); + seclen = context.len; #endif return seclen; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 7cb6f27c8cb2..596a75814fbf 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -375,8 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - char *secctx = NULL; - u32 secctx_len; struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && @@ -444,12 +442,9 @@ int netlbl_unlhsh_add(struct net *net, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, - &secctx, - &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + if (security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); @@ -482,8 +477,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); 
@@ -509,11 +502,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -552,8 +543,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); @@ -578,10 +567,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, if (entry != NULL) lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, - &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " sec_obj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0); + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " sec_obj=%s", + context.context); security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); @@ -1104,8 +1092,6 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct lsmcontext context; void *data; u32 secid; - char *secctx; - u32 secctx_len; struct lsmblob blob; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, 
@@ -1165,15 +1151,13 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len); + ret_val = security_secid_to_secctx(&blob, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, NLBL_UNLABEL_A_SECCTX, - secctx_len, - secctx); - /* scaffolding */ - lsmcontext_init(&context, secctx, secctx_len, 0); + context.len, + context.context); security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index ef139d8ae7cd..951ba0639d20 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -85,8 +85,6 @@ struct audit_buffer *netlbl_audit_start_common(int type, { struct audit_buffer *audit_buf; struct lsmcontext context; - char *secctx; - u32 secctx_len; struct lsmblob blob; if (audit_enabled == AUDIT_OFF) @@ -102,9 +100,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { - audit_log_format(audit_buf, " subj=%s", secctx); - lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_secid_to_secctx(&blob, &context) == 0) { + audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/security/security.c b/security/security.c index e9a56d44ab6e..f8d306b0dfb8 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2326,18 +2326,22 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen) +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) { struct security_hook_list *hp; int ilsm = lsm_task_ilsm(current); + memset(cp, 0, sizeof(*cp)); + hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) + if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { + cp->slot = hp->lsmid->slot; return hp->hook.secid_to_secctx( blob->secid[hp->lsmid->slot], - secdata, seclen); + &cp->context, &cp->len); + } } return LSM_RET_DEFAULT(secid_to_secctx);
From patchwork Fri Sep 24 17:54:30 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516465
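Review bot: the ctnetlink_secctx_size() hunk (@@ -658,15 +656,15 @@) passes `blob` to security_secid_to_secctx() uninitialized: the removed lines drop `lsmblob_init(&blob, ct->secmark);` together with its comment, yet the new `ret = security_secid_to_secctx(&blob, &context);` still reads `blob->secid[hp->lsmid->slot]` in the updated security_secid_to_secctx(), so the secid handed to the LSM is whatever was on the stack. The sibling ct_show_secctx() hunk keeps `lsmblob_init(&blob, ct->secmark);` immediately before the call; restore the same line here (the explanatory comment is worth keeping too), since an uninitialized secid will at best produce a wrong size and at worst a label lookup on garbage.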
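Review bot: in the security_secid_to_secctx() hunk, `cp->slot = hp->lsmid->slot;` is assigned before the hook runs, so when the hook fails the caller is left with a zeroed `context`/`len` (from the preceding `memset(cp, 0, sizeof(*cp));`) but a valid-looking `slot`. Since the point of the slot is to let security_release_secctx() pick the right hook, a caller that releases on an error path would dispatch to that LSM with a NULL context; nfqnl_get_sk_secctx() in this same patch already ignores the return value. Either move the slot assignment after a successful return from the hook, or state in a comment above the function that `slot` is only meaningful when the function returns 0.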
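Review bot: the nfqnl_get_sk_secctx() hunk (@@ -317,10 +318,12 @@) discards the result of `security_secid_to_secctx(&blob, &context);` and unconditionally publishes `*secdata = context.context;` and `seclen = context.len;`. That is only safe because the new security_secid_to_secctx() zeroes *cp before any hook runs and because `struct lsmcontext context = { };` covers the early-return path; neither fact is visible in this file. Either check the return value (`if (security_secid_to_secctx(&blob, &context) == 0)`) around the assignment or add a one-line comment naming the zeroing guarantee the code relies on.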
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Chuck Lever , linux-nfs@vger.kernel.org Subject: [PATCH v29 17/28] LSM: Use lsmcontext in security_inode_getsecctx Date: Fri, 24 Sep 2021 10:54:30 -0700 Message-Id: <20210924175441.7943-18-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Change the security_inode_getsecctx() interface to fill a lsmcontext structure instead of data and length pointers. This provides the information about which LSM created the context so that security_release_secctx() can use the correct hook. Acked-by: Stephen Smalley Acked-by: Paul Moore Acked-by: Chuck Lever Reviewed-by: Kees Cook Reviewed-by: John Johansen Signed-off-by: Casey Schaufler Cc: linux-nfs@vger.kernel.org --- fs/nfsd/nfs4xdr.c | 23 +++++++++-------------- include/linux/security.h | 5 +++-- security/security.c | 13 +++++++++++-- 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 089ec4b61ef1..fc7ba114c298 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c
@@ -2727,11 +2727,11 @@ nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types) #ifdef CONFIG_NFSD_V4_SECURITY_LABEL static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { __be32 *p; - p = xdr_reserve_space(xdr, len + 4 + 4 + 4); + p = xdr_reserve_space(xdr, context->len + 4 + 4 + 4); if (!p) return nfserr_resource; @@ -2741,13 +2741,13 @@ nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, */ *p++ = cpu_to_be32(0); /* lfs */ *p++ = cpu_to_be32(0); /* pi */ - p = xdr_encode_opaque(p, context, len); + p = xdr_encode_opaque(p, context->context, context->len); return 0; } #else static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { return 0; } #endif @@ -2844,9 +2844,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - struct lsmcontext scaff; /* scaffolding */ - void *context = NULL; - int contextlen; + struct lsmcontext context = { }; #endif bool contextsupport = false; struct nfsd4_compoundres *resp = rqstp->rq_resp; @@ -2904,7 +2902,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) { if (exp->ex_flags & NFSEXP_SECURITY_LABEL) err = security_inode_getsecctx(d_inode(dentry), - &context, &contextlen); + &context); else err = -EOPNOTSUPP; contextsupport = (err == 0); @@ -3324,8 +3322,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, #ifdef CONFIG_NFSD_V4_SECURITY_LABEL if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) { - status = nfsd4_encode_security_label(xdr, rqstp, context, - contextlen); + status = nfsd4_encode_security_label(xdr, rqstp, &context); if (status) goto out; } 
@@ -3346,10 +3343,8 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) { - lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ - security_release_secctx(&scaff); - } + if (context.context) + security_release_secctx(&context); #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index eed281367895..e5fd1711bf8b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -586,7 +586,7 @@ void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp); int security_locked_down(enum lockdown_reason what); #else /* CONFIG_SECURITY */ @@ -1462,7 +1462,8 @@ static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 { return -EOPNOTSUPP; } -static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +static inline int security_inode_getsecctx(struct inode *inode, + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/security/security.c b/security/security.c index f8d306b0dfb8..a61477c6b0f6 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2398,9 +2398,18 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) } EXPORT_SYMBOL(security_inode_setsecctx); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp) { - return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); + struct security_hook_list *hp; + + memset(cp, 0, sizeof(*cp)); + + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) { + cp->slot = hp->lsmid->slot; + return hp->hook.inode_getsecctx(inode, (void **)&cp->context, + &cp->len); + } + return -EOPNOTSUPP; } EXPORT_SYMBOL(security_inode_getsecctx);
From patchwork Fri Sep 24 17:54:31 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516499
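Review bot: in the security_inode_getsecctx() hunk the body of `hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list)` returns unconditionally, so the loop only ever reaches the first registered hook, and unlike the security_secid_to_secctx() rewrite in the previous patch it never consults lsm_task_ilsm(current) to choose the LSM; with two LSMs providing inode_getsecctx the second is silently never used, which is the kind of policy gap that is hard to spot from the call site. Either apply the same `ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot` selection as security_secid_to_secctx(), or add a comment stating that exactly one LSM is expected to supply this hook and the loop is just a way to find it. On style, the `(void **)&cp->context` pun of a `char *` as `void *` exists only to match the hook prototype and deserves a short comment for the same reason.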
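Review bot: in the nfsd4_encode_fattr() `out:` hunk the release is gated on `if (context.context)` rather than on security_inode_getsecctx() having returned 0. That is correct today because `struct lsmcontext context = { };` and the memset in security_inode_getsecctx() keep the pointer NULL until a hook fills it, but it silently assumes no hook ever stores a pointer and then returns an error; when CONFIG_SECURITY is off the stub returns -EOPNOTSUPP without touching *cp, so it too relies on the initializer. A comment at the `out:` label recording that the pointer is the ownership signal would make the lifetime rule explicit for the next person who touches this function.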
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , Pablo Neira Ayuso , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH v29 18/28] LSM: security_secid_to_secctx in netlink netfilter Date: Fri, 24 Sep 2021 10:54:31 -0700 Message-Id: <20210924175441.7943-19-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Pablo Neira Ayuso Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org --- net/netfilter/nfnetlink_queue.c | 37 +++++++++++++-------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 4490bcb2a8b6..b6922af82911 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -301,15 +301,13 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk) return -1; } -static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) +static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) { - u32 seclen = 0; #if IS_ENABLED(CONFIG_NETWORK_SECMARK) struct lsmblob blob; - struct lsmcontext context = { }; if (!skb || !sk_fullsock(skb->sk)) - return 0; + return; read_lock_bh(&skb->sk->sk_callback_lock); 
@@ -318,14 +316,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, &context); - *secdata = context.context; + security_secid_to_secctx(&blob, context); } read_unlock_bh(&skb->sk->sk_callback_lock); - seclen = context.len; #endif - return seclen; + return; } static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry) @@ -397,12 +393,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, struct net_device *indev; struct net_device *outdev; struct nf_conn *ct = NULL; + struct lsmcontext context = { }; enum ip_conntrack_info ctinfo; struct nfnl_ct_hook *nfnl_ct; bool csum_verify; - struct lsmcontext scaff; /* scaffolding */ - char *secdata = NULL; - u32 seclen = 0; size = nlmsg_total_size(sizeof(struct nfgenmsg)) + nla_total_size(sizeof(struct nfqnl_msg_packet_hdr)) @@ -470,9 +464,9 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) { - seclen = nfqnl_get_sk_secctx(entskb, &secdata); - if (seclen) - size += nla_total_size(seclen); + nfqnl_get_sk_secctx(entskb, &context); + if (context.len) + size += nla_total_size(context.len); } skb = alloc_skb(size, GFP_ATOMIC); @@ -602,7 +596,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, nfqnl_put_sk_uidgid(skb, entskb->sk) < 0) goto nla_put_failure; - if (seclen && nla_put(skb, NFQA_SECCTX, seclen, secdata)) + if (context.len && + nla_put(skb, NFQA_SECCTX, context.len, context.context)) goto nla_put_failure; if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0) 
@@ -630,10 +625,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return skb; nla_put_failure: 
@@ -641,10 +634,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) { - lsmcontext_init(&scaff, secdata, seclen, 0); - security_release_secctx(&scaff); - } + if (context.len) + security_release_secctx(&context); return NULL; }
From patchwork Fri Sep 24 17:54:32 2021 X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516501
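Review bot: in the @@ -318,14 +316,12 @@ hunk of nfqnl_get_sk_secctx() the bare `return;` left before the closing brace is redundant now that the function is void; drop it. More substantively, the function still ignores the result of `security_secid_to_secctx(&blob, context);` and, when CONFIG_NETWORK_SECMARK is off or the socket check fails, never writes *context at all, so correctness in nfqnl_build_packet_message() hinges on the caller's `struct lsmcontext context = { };` initializer and on `context.len` staying 0 on every failure path before `if (context.len) security_release_secctx(&context);` runs. A short comment on the function, or a `memset(context, 0, sizeof(*context));` at its top, would make that contract local to the function instead of implicit in its one caller.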
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley , netdev@vger.kernel.org Subject: [PATCH v29 19/28] NET: Store LSM netlabel data in a lsmblob Date: Fri, 24 Sep 2021 10:54:32 -0700 Message-Id: <20210924175441.7943-20-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Netlabel uses LSM interfaces requiring an lsmblob and the internal storage is used to pass information between these interfaces, so change the internal data from a secid to a lsmblob. Update the netlabel interfaces and their callers to accommodate the change. This requires that the modules using netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4/cipso_ipv4.c | 26 ++++++---- net/netlabel/netlabel_kapi.c | 6 +-- net/netlabel/netlabel_unlabeled.c | 79 +++++++++-------------------- net/netlabel/netlabel_unlabeled.h | 2 +- security/selinux/hooks.c | 2 +- security/selinux/include/security.h | 1 + security/selinux/netlabel.c | 2 +- security/selinux/ss/services.c | 4 +- security/smack/smack.h | 1 + security/smack/smack_access.c | 2 +- security/smack/smack_lsm.c | 11 ++-- security/smack/smackfs.c | 10 ++-- 13 files changed, 68 insertions(+), 86 deletions(-) diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 43ae50337685..73fc25b4042b 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h 
@@ -166,7 +166,7 @@ struct netlbl_lsm_catmap { * @attr.mls: MLS sensitivity label * @attr.mls.cat: MLS category bitmap * @attr.mls.lvl: MLS sensitivity level - * @attr.secid: LSM specific secid token + * @attr.lsmblob: LSM specific data * * Description: * This structure is used to pass security attributes between NetLabel and the @@ -201,7 +201,7 @@ struct netlbl_lsm_secattr { struct netlbl_lsm_catmap *cat; u32 lvl; } mls; - u32 secid; + struct lsmblob lsmblob; } attr; }; @@ -415,7 +415,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_cfg_unlbl_static_del(struct net *net, const char *dev_name, @@ -523,7 +523,7 @@ static inline int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { return -ENOSYS; diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 099259fc826a..9bd72ec01785 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c @@ -106,15 +106,17 @@ int cipso_v4_rbm_strictvalid = 1; /* Base length of the local tag (non-standard tag). * Tag definition (may change between kernel versions) * - * 0 8 16 24 32 - * +----------+----------+----------+----------+ - * | 10000000 | 00000110 | 32-bit secid value | - * +----------+----------+----------+----------+ - * | in (host byte order)| - * +----------+----------+ - * + * 0 8 16 16 + sizeof(struct lsmblob) + * +----------+----------+---------------------+ + * | 10000000 | 00000110 | LSM blob data | + * +----------+----------+---------------------+ + * + * All secid and flag fields are in host byte order. + * The lsmblob structure size varies depending on which + * Linux security modules are built in the kernel. + * The data is opaque. */ -#define CIPSO_V4_TAG_LOC_BLEN 6 +#define CIPSO_V4_TAG_LOC_BLEN (2 + sizeof(struct lsmblob)) /* * Helper Functions 
@@ -1460,7 +1462,11 @@ static int cipso_v4_gentag_loc(const struct cipso_v4_doi *doi_def, buffer[0] = CIPSO_V4_TAG_LOCAL; buffer[1] = CIPSO_V4_TAG_LOC_BLEN; - *(u32 *)&buffer[2] = secattr->attr.secid; + /* Ensure that there is sufficient space in the CIPSO header + * for the LSM data. */ + BUILD_BUG_ON(CIPSO_V4_TAG_LOC_BLEN > CIPSO_V4_OPT_LEN_MAX); + memcpy(&buffer[2], &secattr->attr.lsmblob, + sizeof(secattr->attr.lsmblob)); return CIPSO_V4_TAG_LOC_BLEN; } @@ -1480,7 +1486,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def, const unsigned char *tag, struct netlbl_lsm_secattr *secattr) { - secattr->attr.secid = *(u32 *)&tag[2]; + memcpy(&secattr->attr.lsmblob, &tag[2], sizeof(secattr->attr.lsmblob)); secattr->flags |= NETLBL_SECATTR_SECID; return 0; diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index beb0e573266d..158bab993e32 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c @@ -196,7 +196,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain, * @addr: IP address in network byte order (struct in[6]_addr) * @mask: address mask in network byte order (struct in[6]_addr) * @family: address family - * @secid: LSM secid value for the entry + * @lsmblob: LSM data value for the entry * @audit_info: NetLabel audit information * * Description: @@ -210,7 +210,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, const void *addr, const void *mask, u16 family, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { u32 addr_len; @@ -230,7 +230,7 @@ int netlbl_cfg_unlbl_static_add(struct net *net, return netlbl_unlhsh_add(net, dev_name, addr, mask, addr_len, - secid, audit_info); + lsmblob, audit_info); } /** diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 596a75814fbf..60e36324568f 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c 
@@ -66,7 +66,7 @@ struct netlbl_unlhsh_tbl { #define netlbl_unlhsh_addr4_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr4, list) struct netlbl_unlhsh_addr4 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af4list list; struct rcu_head rcu; @@ -74,7 +74,7 @@ struct netlbl_unlhsh_addr4 { #define netlbl_unlhsh_addr6_entry(iter) \ container_of(iter, struct netlbl_unlhsh_addr6, list) struct netlbl_unlhsh_addr6 { - u32 secid; + struct lsmblob lsmblob; struct netlbl_af6list list; struct rcu_head rcu; @@ -220,7 +220,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) * @iface: the associated interface entry * @addr: IPv4 address in network byte order * @mask: IPv4 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the @@ -231,7 +231,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex) static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, const struct in_addr *addr, const struct in_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr4 *entry; @@ -243,7 +243,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, entry->list.addr = addr->s_addr & mask->s_addr; entry->list.mask = mask->s_addr; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af4list_add(&entry->list, &iface->addr4_list); @@ -260,7 +260,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, * @iface: the associated interface entry * @addr: IPv6 address in network byte order * @mask: IPv6 address mask in network byte order - * @secid: LSM secid value for entry + * @lsmblob: LSM data value for entry * * Description: * Add a new address entry into the unlabeled connection hash table using the 
@@ -271,7 +271,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, const struct in6_addr *addr, const struct in6_addr *mask, - u32 secid) + struct lsmblob *lsmblob) { int ret_val; struct netlbl_unlhsh_addr6 *entry; @@ -287,7 +287,7 @@ static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, entry->list.addr.s6_addr32[3] &= mask->s6_addr32[3]; entry->list.mask = *mask; entry->list.valid = 1; - entry->secid = secid; + entry->lsmblob = *lsmblob; spin_lock(&netlbl_unlhsh_lock); ret_val = netlbl_af6list_add(&entry->list, &iface->addr6_list); @@ -366,7 +366,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info) { int ret_val; @@ -375,7 +375,6 @@ int netlbl_unlhsh_add(struct net *net, struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; struct lsmcontext context; - struct lsmblob blob; if (addr_len != sizeof(struct in_addr) && addr_len != sizeof(struct in6_addr)) @@ -408,7 +407,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in_addr *addr4 = addr; const struct in_addr *mask4 = mask; - ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, secid); + ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, lsmblob); if (audit_buf != NULL) netlbl_af4list_audit_addr(audit_buf, 1, dev_name, @@ -421,7 +420,7 @@ int netlbl_unlhsh_add(struct net *net, const struct in6_addr *addr6 = addr; const struct in6_addr *mask6 = mask; - ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, secid); + ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, lsmblob); if (audit_buf != NULL) netlbl_af6list_audit_addr(audit_buf, 1, dev_name, 
@@ -438,11 +437,7 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - /* lsmblob_init() puts secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - if (security_secid_to_secctx(&blob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -477,7 +472,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr, @@ -496,13 +490,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, (dev != NULL ? dev->name : NULL), addr->s_addr, mask->s_addr); dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -543,7 +532,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct audit_buffer *audit_buf; struct net_device *dev; struct lsmcontext context; - struct lsmblob blob; spin_lock(&netlbl_unlhsh_lock); list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list); 
@@ -561,13 +549,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, (dev != NULL ? dev->name : NULL), addr, mask); dev_put(dev); - /* lsmblob_init() puts entry->secid into all of the secids - * in blob. security_secid_to_secctx() will know which - * security module to use to create the secctx. */ - if (entry != NULL) - lsmblob_init(&blob, entry->secid); if (entry != NULL && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -921,14 +904,8 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* netlbl_unlhsh_add will be changed to pass a struct lsmblob * - * instead of a u32 later in this patch set. security_secctx_to_secid() - * will only be setting one entry in the lsmblob struct, so it is - * safe to use lsmblob_value() to get that one value. */ - - return netlbl_unlhsh_add(&init_net, - dev_name, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, dev_name, addr, mask, addr_len, + &blob, &audit_info); } /** @@ -975,11 +952,8 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, if (ret_val != 0) return ret_val; - /* security_secctx_to_secid() will only put one secid into the lsmblob - * so it's safe to use lsmblob_value() to get the secid. */ - return netlbl_unlhsh_add(&init_net, - NULL, addr, mask, addr_len, - lsmblob_value(&blob), &audit_info); + return netlbl_unlhsh_add(&init_net, NULL, addr, mask, addr_len, &blob, + &audit_info); } /** @@ -1091,8 +1065,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, struct net_device *dev; struct lsmcontext context; void *data; - u32 secid; - struct lsmblob blob; + struct lsmblob *lsmb; data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid, cb_arg->seq, &netlbl_unlabel_gnl_family, 
@@ -1130,7 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr4->secid; + lsmb = (struct lsmblob *)&addr4->lsmblob; } else { ret_val = nla_put_in6_addr(cb_arg->skb, NLBL_UNLABEL_A_IPV6ADDR, @@ -1144,14 +1117,10 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, if (ret_val != 0) goto list_cb_failure; - secid = addr6->secid; + lsmb = (struct lsmblob *)&addr6->lsmblob; } - /* lsmblob_init() secid into all of the secids in blob. - * security_secid_to_secctx() will know which security module - * to use to create the secctx. */ - lsmblob_init(&blob, secid); - ret_val = security_secid_to_secctx(&blob, &context); + ret_val = security_secid_to_secctx(lsmb, &context); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, @@ -1510,7 +1479,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr4_list); if (addr4 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr4_entry(addr4)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr4_entry(addr4)->lsmblob; break; } #if IS_ENABLED(CONFIG_IPV6) @@ -1523,7 +1492,7 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, &iface->addr6_list); if (addr6 == NULL) goto unlabel_getattr_nolabel; - secattr->attr.secid = netlbl_unlhsh_addr6_entry(addr6)->secid; + secattr->attr.lsmblob = netlbl_unlhsh_addr6_entry(addr6)->lsmblob; break; } #endif /* IPv6 */ diff --git a/net/netlabel/netlabel_unlabeled.h b/net/netlabel/netlabel_unlabeled.h index 058e3a285d56..168920780994 100644 --- a/net/netlabel/netlabel_unlabeled.h +++ b/net/netlabel/netlabel_unlabeled.h @@ -211,7 +211,7 @@ int netlbl_unlhsh_add(struct net *net, const void *addr, const void *mask, u32 addr_len, - u32 secid, + struct lsmblob *lsmblob, struct netlbl_audit *audit_info); int netlbl_unlhsh_remove(struct net *net, const char *dev_name, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 06974ad48b9d..c3e5fcedae0b 100644 
--- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7118,7 +7118,7 @@ static int selinux_perf_event_write(struct perf_event *event) } #endif -static struct lsm_id selinux_lsmid __lsm_ro_after_init = { +struct lsm_id selinux_lsmid __lsm_ro_after_init = { .lsm = "selinux", .slot = LSMBLOB_NEEDED }; diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index ac0ece01305a..9f856f2cd277 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -73,6 +73,7 @@ struct netlbl_lsm_secattr; extern int selinux_enabled_boot; +extern struct lsm_id selinux_lsmid; /* * type_datum properties diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 6a94b31b5472..d8d7603ab14e 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -108,7 +108,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr( return NULL; if ((secattr->flags & NETLBL_SECATTR_SECID) && - (secattr->attr.secid == sid)) + (secattr->attr.lsmblob.secid[selinux_lsmid.slot] == sid)) return secattr; return NULL; diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index e5f1b2757a83..404a573dd339 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3901,7 +3901,7 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state, if (secattr->flags & NETLBL_SECATTR_CACHE) *sid = *(u32 *)secattr->cache->data; else if (secattr->flags & NETLBL_SECATTR_SECID) - *sid = secattr->attr.secid; + *sid = secattr->attr.lsmblob.secid[selinux_lsmid.slot]; else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) { rc = -EIDRM; ctx = sidtab_search(sidtab, SECINITSID_NETMSG); 
@@ -3979,7 +3979,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state, if (secattr->domain == NULL) goto out; - secattr->attr.secid = sid; + secattr->attr.lsmblob.secid[selinux_lsmid.slot] = sid; secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID; mls_export_netlbl_lvl(policydb, ctx, secattr); rc = mls_export_netlbl_cat(policydb, ctx, secattr); diff --git a/security/smack/smack.h b/security/smack/smack.h index 66b813e15196..44fd5bc8ba71 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -303,6 +303,7 @@ int smack_populate_secattr(struct smack_known *skp); * Shared data. */ extern int smack_enabled __initdata; +extern struct lsm_id smack_lsmid; extern int smack_cipso_direct; extern int smack_cipso_mapped; extern struct smack_known *smack_net_ambient; diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index d2186e2757be..c6dcafe18912 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -524,7 +524,7 @@ int smack_populate_secattr(struct smack_known *skp) { int slen; - skp->smk_netlabel.attr.secid = skp->smk_secid; + skp->smk_netlabel.attr.lsmblob.secid[smack_lsmid.slot] = skp->smk_secid; skp->smk_netlabel.domain = skp->smk_known; skp->smk_netlabel.cache = netlbl_secattr_cache_alloc(GFP_ATOMIC); if (skp->smk_netlabel.cache != NULL) { diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 654b8a66df3c..711fb49b4d5f 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -3720,11 +3720,12 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, if ((sap->flags & NETLBL_SECATTR_CACHE) != 0) return (struct smack_known *)sap->cache->data; + /* + * Looks like a fallback, which gives us a secid. + */ if ((sap->flags & NETLBL_SECATTR_SECID) != 0) - /* - * Looks like a fallback, which gives us a secid. - */ - return smack_from_secid(sap->attr.secid); + return smack_from_secid( + sap->attr.lsmblob.secid[smack_lsmid.slot]); if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { /* @@ -4701,7 +4702,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; -static struct lsm_id smack_lsmid __lsm_ro_after_init = { +struct lsm_id smack_lsmid __lsm_ro_after_init = { .lsm = "smack", .slot = LSMBLOB_NEEDED }; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 3a75d2a8f517..9cda52f2ec31 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -1142,6 +1142,7 @@ static void smk_net4addr_insert(struct smk_net4addr *new) static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { + struct lsmblob lsmblob; struct smk_net4addr *snp; struct sockaddr_in newname; char *smack; 
@@ -1273,10 +1274,13 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, * this host so that incoming packets get labeled. * but only if we didn't get the special CIPSO option */ - if (rc == 0 && skp != NULL) + if (rc == 0 && skp != NULL) { + lsmblob_init(&lsmblob, 0); + lsmblob.secid[smack_lsmid.slot] = snp->smk_label->smk_secid; rc = netlbl_cfg_unlbl_static_add(&init_net, NULL, - &snp->smk_host, &snp->smk_mask, PF_INET, - snp->smk_label->smk_secid, &audit_info); + &snp->smk_host, &snp->smk_mask, PF_INET, &lsmblob, + &audit_info); + } if (rc == 0) rc = count; From patchwork Fri Sep 24 17:54:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516503 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A60E2C433EF for ; Fri, 24 Sep 2021 18:17:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9234D61164 for ; Fri, 24 Sep 2021 18:17:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348029AbhIXSSk (ORCPT ); Fri, 24 Sep 2021 14:18:40 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com ([66.163.184.49]:35099 "EHLO sonic317-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230479AbhIXSSj (ORCPT ); Fri, 24 Sep 2021 14:18:39 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1632507426; bh=3o/gYp9R1FqTT4YKi/xz/1vzAZtuq9lFg4B2d7iBOHk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
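Review bot: the updated tag diagram in the cipso_ipv4.c comment block still shows the second byte as the literal `00000110` (the old fixed length 6), but that byte is now written from `CIPSO_V4_TAG_LOC_BLEN`, i.e. `(2 + sizeof(struct lsmblob))`, and varies with the kernel configuration. Label that byte `length` in the diagram so the documentation matches the define, and since `buffer[1]` is a single byte it is worth saying in the comment that the new `BUILD_BUG_ON` against `CIPSO_V4_OPT_LEN_MAX` is what guarantees the value fits.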
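Review bot: `cipso_v4_parsetag_loc()` now copies `sizeof(secattr->attr.lsmblob)` bytes starting at `tag[2]` without comparing `tag[1]` to `CIPSO_V4_TAG_LOC_BLEN` in this function, and the new `BUILD_BUG_ON` lives only in `cipso_v4_gentag_loc()`. If the local tag's length is validated before this point, a one-line comment saying where would help readers; if it is not, a length check here is cheap. The `memcpy` also copies the whole struct including any padding bytes, so it would help to state in the comment that the tag payload is only meaningful to the kernel that produced it (the "opaque" wording hints at this but does not say it).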
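Review bot: in `netlbl_unlabel_staticlist_gen()` the `(struct lsmblob *)&addr4->lsmblob` and `(struct lsmblob *)&addr6->lsmblob` casts look like they exist only to discard a `const` qualifier on the entry so the pointer can be handed to `security_secid_to_secctx()`. If that function does not modify the blob, a `const struct lsmblob *` parameter would remove the need for the casts; otherwise a comment explaining why the cast is safe would help, since a silent const-stripping cast is the kind of thing that hides a real mutation bug later.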
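Review bot: `security_netlbl_sid_to_secattr()` in services.c and `smack_populate_secattr()` in smack_access.c each write only their own slot (`secid[selinux_lsmid.slot]`, `secid[smack_lsmid.slot]`) into `attr.lsmblob`, whereas the `smk_write_net4addr()` hunk in smackfs.c calls `lsmblob_init(&lsmblob, 0)` before setting its slot. Because `cipso_v4_gentag_loc()` now copies the whole blob into the CIPSO local tag, any slot that is never set is emitted as whatever the secattr held before. If the secattr is always zeroed before these calls that is fine, but initialising the blob consistently at all three sites would make that guarantee local and obvious instead of depending on the caller.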
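Review bot: style: the new parameter `struct lsmblob *lsmblob` in `netlbl_unlhsh_add()`, `netlbl_unlhsh_add_addr4()`, `netlbl_unlhsh_add_addr6()` and `netlbl_cfg_unlbl_static_add()` reuses the struct tag as the variable name, while the callers in the same file use `blob` (`&blob, &audit_info`). C keeps tags and identifiers in separate namespaces so this compiles, but a distinct name such as `blob` reads more easily and avoids confusion in `sizeof` expressions and when grepping.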
Server) with ESMTPA ID 84bc1450383e59aca3126902a17a8bab; Fri, 24 Sep 2021 18:17:03 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley Subject: [PATCH v29 20/28] LSM: Verify LSM display sanity in binder Date: Fri, 24 Sep 2021 10:54:33 -0700 Message-Id: <20210924175441.7943-21-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Verify that the tasks on the ends of a binder transaction use the same "interface_lsm" security module. This prevents confusion of security "contexts". Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler --- security/security.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/security.c b/security/security.c index a61477c6b0f6..155da0e9b778 100644 --- a/security/security.c +++ b/security/security.c 
@@ -860,9 +860,38 @@ int security_binder_set_context_mgr(struct task_struct *mgr) return call_int_hook(binder_set_context_mgr, 0, mgr); } +/** + * security_binder_transaction - Binder driver transaction check + * @from: source of the transaction + * @to: destination of the transaction + * + * Verify that the tasks have the same LSM "display", then + * call the security module hooks. + * + * Returns -EINVAL if the displays don't match, or the + * result of the security module checks. + */ int security_binder_transaction(struct task_struct *from, struct task_struct *to) { + int from_ilsm = lsm_task_ilsm(from); + int to_ilsm = lsm_task_ilsm(to); + + /* + * If the ilsm is LSMBLOB_INVALID the first module that has + * an entry is used. This will be in the 0 slot. + * + * This is currently only required if the server has requested + * peer contexts, but it would be unwieldly to have too much of + * the binder driver detail here. + */ + if (from_ilsm == LSMBLOB_INVALID) + from_ilsm = 0; + if (to_ilsm == LSMBLOB_INVALID) + to_ilsm = 0; + if (from_ilsm != to_ilsm) + return -EINVAL; + return call_int_hook(binder_transaction, 0, from, to); } From patchwork Fri Sep 24 17:54:34 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516505 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 87577C433F5 for ; Fri, 24 Sep 2021 18:18:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6B3E561250 for ; Fri, 24 Sep 2021 18:18:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348022AbhIXSTv (ORCPT ); Fri, 24 Sep 2021 14:19:51 -0400 Received: from sonic309-27.consmr.mail.ne1.yahoo.com 
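Review bot: returning `-EINVAL` before `call_int_hook(binder_transaction, ...)` runs means an interface-LSM mismatch is never seen by any security module and produces no audit record, so from an operator's point of view the transaction simply fails with a generic error. Consider a rate-limited message or an audit event for the mismatch, or at least state in the kernel-doc that it is not audited. Two smaller points: `unwieldly` in the comment should read `unwieldy`, and since `LSMBLOB_INVALID` is folded to slot 0 for both tasks, the `Returns` line could say that an unset ilsm is treated as the first slot rather than as an error.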
Fri, 24 Sep 2021 18:18:09 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v29 21/28] LSM: Extend security_secid_to_secctx to include module selection Date: Fri, 24 Sep 2021 10:54:34 -0700 Message-Id: <20210924175441.7943-22-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add a parameter to security_secid_to_secctx() to identify which of the security modules that may be active should provide the security context. If the parameter is greater than or equal to zero, the security module associated with that LSM "slot" is used. If the value is LSMBLOB_DISPLAY the "interface lsm" is used. If the value is LSMBLOB_FIRST the first security module providing a hook is used. Signed-off-by: Casey Schaufler --- drivers/android/binder.c | 2 +- include/linux/security.h | 7 +++++-- include/net/scm.h | 2 +- kernel/audit.c | 4 ++-- kernel/auditsc.c | 7 ++++--- net/ipv4/ip_sockglue.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 4 ++-- net/netfilter/nf_conntrack_standalone.c | 2 +- net/netfilter/nfnetlink_queue.c | 2 +- net/netlabel/netlabel_unlabeled.c | 11 +++++++---- net/netlabel/netlabel_user.c | 2 +- security/security.c | 19 +++++++++++++++++-- 12 files changed, 43 insertions(+), 21 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 1159b4e44b28..e5b1ba72efac 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c 
@@ -2722,7 +2722,7 @@ static void binder_transaction(struct binder_proc *proc, * case well anyway. */ security_task_getsecid_obj(proc->tsk, &blob); - ret = security_secid_to_secctx(&blob, &lsmctx); + ret = security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_DISPLAY); if (ret) { return_error = BR_FAILED_REPLY; return_error_param = ret; diff --git a/include/linux/security.h b/include/linux/security.h index e5fd1711bf8b..7096a60fbbfe 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -183,6 +183,8 @@ struct lsmblob { #define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ #define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ #define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ +#define LSMBLOB_DISPLAY -4 /* Use the "interface_lsm" slot */ +#define LSMBLOB_FIRST -5 /* Use the first slot */ /** * lsmblob_init - initialize an lsmblob structure @@ -579,7 +581,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, size_t size); int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_ismaclabel(const char *name); -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp); +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int ilsm); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); void security_release_secctx(struct lsmcontext *cp); @@ -1434,7 +1437,7 @@ static inline int security_ismaclabel(const char *name) } static inline int security_secid_to_secctx(struct lsmblob *blob, - struct lsmcontext *cp) + struct lsmcontext *cp, int ilsm) { return -EOPNOTSUPP; } diff --git a/include/net/scm.h b/include/net/scm.h index b77a52f93389..f4d567d4885e 100644 --- a/include/net/scm.h +++ b/include/net/scm.h 
@@ -101,7 +101,7 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc * and the infrastructure will know which it is. */ lsmblob_init(&lb, scm->secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len, diff --git a/kernel/audit.c b/kernel/audit.c index 841123390d41..3c6e88a9ff62 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1443,7 +1443,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (lsmblob_is_set(&audit_sig_lsm)) { err = security_secid_to_secctx(&audit_sig_lsm, - &context); + &context, LSMBLOB_FIRST); if (err) return err; } @@ -2138,7 +2138,7 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context); + error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); if (error) { if (error != -EINVAL) goto error_path; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index d198f307a4d8..e87f21cf9494 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1013,7 +1013,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx)) { + if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1259,7 +1259,8 @@ static void show_special(struct audit_context *context, int *call_panic) struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt)) { + if (security_secid_to_secctx(&blob, &lsmcxt, + LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", osid); *call_panic = 1; } else { 
@@ -1416,7 +1417,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, struct lsmcontext lsmctx; lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx)) { + if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { audit_log_format(ab, " osid=%u", n->osid); if (call_panic) *call_panic = 2; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 588e4d2dcd15..680bb0969fee 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -140,7 +140,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; lsmblob_init(&lb, secid); - err = security_secid_to_secctx(&lb, &context); + err = security_secid_to_secctx(&lb, &context, LSMBLOB_DISPLAY); if (err) return; diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 0c3e1a8aaf2b..dc31f7a68d6d 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -347,7 +347,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) * security_secid_to_secctx() will know which security module * to use to create the secctx. */ lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return 0; @@ -658,7 +658,7 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct) struct lsmblob blob; struct lsmcontext context; - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return 0; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index c8825e89a21e..541a49d5be9d 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c 
@@ -180,7 +180,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) struct lsmcontext context; lsmblob_init(&blob, ct->secmark); - ret = security_secid_to_secctx(&blob, &context); + ret = security_secid_to_secctx(&blob, &context, LSMBLOB_DISPLAY); if (ret) return; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index b6922af82911..0d79832d8130 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -316,7 +316,7 @@ static void nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsmcontext *context) * blob. security_secid_to_secctx() will know which security * module to use to create the secctx. */ lsmblob_init(&blob, skb->secmark); - security_secid_to_secctx(&blob, context); + security_secid_to_secctx(&blob, context, LSMBLOB_DISPLAY); } read_unlock_bh(&skb->sk->sk_callback_lock); diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 60e36324568f..a70269367827 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -437,7 +437,8 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(lsmblob, &context) == 0) { + if (security_secid_to_secctx(lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -491,7 +492,8 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, addr->s_addr, mask->s_addr); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); 
@@ -550,7 +552,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, addr, mask); dev_put(dev); if (entry != NULL && - security_secid_to_secctx(&entry->lsmblob, &context) == 0) { + security_secid_to_secctx(&entry->lsmblob, &context, + LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -1120,7 +1123,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, lsmb = (struct lsmblob *)&addr6->lsmblob; } - ret_val = security_secid_to_secctx(lsmb, &context); + ret_val = security_secid_to_secctx(lsmb, &context, LSMBLOB_FIRST); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 951ba0639d20..1941877fd16f 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -100,7 +100,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &context) == 0) { + security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST) == 0) { audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/security/security.c b/security/security.c index 155da0e9b778..96b1d9c37d49 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2355,13 +2355,28 @@ int security_ismaclabel(const char *name) } EXPORT_SYMBOL(security_ismaclabel); -int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp) +int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, + int ilsm) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); memset(cp, 0, sizeof(*cp)); + /* + * ilsm either is the slot number use for formatting + * or an instruction on which relative slot to use. + */ + if (ilsm == LSMBLOB_DISPLAY) + ilsm = lsm_task_ilsm(current); + else if (ilsm == LSMBLOB_FIRST) + ilsm = LSMBLOB_INVALID; + else if (ilsm < 0) { + WARN_ONCE(true, "LSM: %s unknown interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } else if (ilsm >= lsm_slot) { + WARN_ONCE(true, "LSM: %s invalid interface LSM\n", __func__); + ilsm = LSMBLOB_INVALID; + } hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) continue; From patchwork Fri Sep 24 17:54:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516527 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B2FAC433F5 for ; Fri, 24 Sep 2021 18:19:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 14A7161164 for ; Fri, 24 Sep 2021 18:19:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348061AbhIXSUw (ORCPT ); Fri, 24 Sep 2021 14:20:52 -0400 Received: from sonic308-15.consmr.mail.ne1.yahoo.com ([66.163.187.38]:46433 "EHLO sonic308-15.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345342AbhIXSUv (ORCPT ); Fri, 24 Sep 2021 
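Review bot: in the security/security.c hunk an out-of-range ilsm (an unknown negative value or a value >= lsm_slot) is warned about once and then collapsed to LSMBLOB_INVALID, which is exactly what LSMBLOB_FIRST maps to, so a caller bug silently yields the first LSM's context instead of an error; consider returning -EINVAL from those two branches instead of `ilsm = LSMBLOB_INVALID;`. The dispatch also relies on the loop below treating LSMBLOB_INVALID as "first hook wins", which this hunk does not show; the comment above the if-chain should say so, and its first line reads "slot number use for formatting" (should be "used").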
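Review bot: the kernel/audit.c hunks switch audit_receive_msg() and audit_log_task_context() to LSMBLOB_FIRST while the binder, scm, ip_sockglue and netfilter call sites use LSMBLOB_DISPLAY, but the commit message only defines the two values and does not say why each caller gets which. Before this patch every caller used lsm_task_ilsm(current), so the AUDIT_SIGNAL_INFO context and the task context in audit records now come from the first LSM rather than the task's interface LSM; that is a user-visible change in audit output on multi-LSM systems and should be spelled out in the commit message, and a one-line comment at the audit call sites would help later readers.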
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v29 22/28] Audit: Keep multiple LSM data in audit_names Date: Fri, 24 Sep 2021 10:54:35 -0700 Message-Id: <20210924175441.7943-23-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Replace the osid field in the audit_names structure with an lsmblob structure. This accommodates the use of an lsmblob in security_audit_rule_match() and security_inode_getsecid(). Signed-off-by: Casey Schaufler --- kernel/audit.h | 2 +- kernel/auditsc.c | 21 +++++++-------------- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/kernel/audit.h b/kernel/audit.h index d43a08eabd86..f3ff2bd31459 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -81,7 +81,7 @@ struct audit_names { kuid_t uid; kgid_t gid; dev_t rdev; - u32 osid; + struct lsmblob lsmblob; struct audit_cap_data fcap; unsigned int fcap_ver; unsigned char type; /* record type */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e87f21cf9494..e960410cf4e4 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -698,17 +698,15 @@ static int audit_filter_rules(struct task_struct *tsk, * lsmblob, which happens later in * this patch set. */ - lsmblob_init(&blob, name->osid); result = security_audit_rule_match( - &blob, + &name->lsmblob, f->type, f->op, f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { - lsmblob_init(&blob, name->osid); if (security_audit_rule_match( - &blob, + &n->lsmblob, f->type, f->op, f->lsm_rules)) { 
@@ -1412,13 +1410,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (n->osid != 0) { - struct lsmblob blob; + if (lsmblob_is_set(&n->lsmblob)) { struct lsmcontext lsmctx; - lsmblob_init(&blob, n->osid); - if (security_secid_to_secctx(&blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", n->osid); + if (security_secid_to_secctx(&n->lsmblob, &lsmctx, + LSMBLOB_FIRST)) { + audit_log_format(ab, " osid=?"); if (call_panic) *call_panic = 2; } else { 
@@ -1972,17 +1969,13 @@ static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, struct inode *inode, unsigned int flags) { - struct lsmblob blob; - name->ino = inode->i_ino; name->dev = inode->i_sb->s_dev; name->mode = inode->i_mode; name->uid = inode->i_uid; name->gid = inode->i_gid; name->rdev = inode->i_rdev; - security_inode_getsecid(inode, &blob); - /* scaffolding until osid is updated */ - name->osid = blob.secid[0]; + security_inode_getsecid(inode, &name->lsmblob); if (flags & AUDIT_INODE_NOEVAL) { name->fcap_ver = -1; return; From patchwork Fri Sep 24 17:54:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516529 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EEE35C433EF for ; Fri, 24 Sep 2021 18:20:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D30FA61164 for ; Fri, 24 Sep 2021 18:20:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348079AbhIXSVz (ORCPT ); Fri, 24 Sep 2021 14:21:55 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com ([66.163.184.49]:43338 "EHLO sonic317-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345403AbhIXSVz (ORCPT ); Fri, 24 Sep 2021 14:21:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1632507621; bh=GTrFRnMTSie8hlZrhuV2J/+6ofhCo/c+/ma62tlftGk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
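Review bot: in the audit_filter_rules() hunk the `else if (ctx)` branch used to call lsmblob_init(&blob, name->osid) inside list_for_each_entry(n, ...) and now passes &n->lsmblob, so the loop is quietly corrected from matching `name` on every iteration to matching each `n`; that is a behaviour change for object rules evaluated against a context and deserves a sentence in the commit message. The surviving context comment "lsmblob, which happens later in this patch set." is now stale because this is the patch that does it, and the `blob` local should be checked for remaining uses so the function does not pick up an unused-variable warning.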
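Review bot: in the audit_log_name() hunk the failure path changes the record text from " osid=%u" carrying the numeric id to a fixed " osid=?", which is a format change visible to audit userspace parsers; the raw values are still available in n->lsmblob.secid[] (the same array audit_copy_inode() used to read as blob.secid[0]), so either log the slot's secid there or state the format change in the commit message. Keeping *call_panic = 2 on that path is correct.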
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v29 23/28] Audit: Create audit_stamp structure Date: Fri, 24 Sep 2021 10:54:36 -0700 Message-Id: <20210924175441.7943-24-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Replace the timestamp and serial number pair used in audit records with a structure containing the two elements. Signed-off-by: Casey Schaufler --- kernel/audit.c | 17 +++++++++-------- kernel/audit.h | 13 +++++++++---- kernel/auditsc.c | 18 +++++++----------- 3 files changed, 25 insertions(+), 23 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 3c6e88a9ff62..069cd4c81a61 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1786,11 +1786,11 @@ unsigned int audit_serial(void) } static inline void audit_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) + struct audit_stamp *stamp) { - if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { - ktime_get_coarse_real_ts64(t); - *serial = audit_serial(); + if (!ctx || !auditsc_get_stamp(ctx, stamp)) { + ktime_get_coarse_real_ts64(&stamp->ctime); + stamp->serial = audit_serial(); } } @@ -1813,8 +1813,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct timespec64 t; - unsigned int serial; + struct audit_stamp stamp; if (audit_initialized != AUDIT_INITIALIZED) return NULL; 
@@ -1867,12 +1866,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, return NULL; } - audit_get_stamp(ab->ctx, &t, &serial); + audit_get_stamp(ab->ctx, &stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy = 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial); + (unsigned long long)stamp.ctime.tv_sec, + stamp.ctime.tv_nsec/1000000, + stamp.serial); return ab; } diff --git a/kernel/audit.h b/kernel/audit.h index f3ff2bd31459..90d98121895f 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -98,14 +98,19 @@ struct audit_proctitle { char *value; /* the cmdline field */ }; +/* A timestamp/serial pair to identify an event */ +struct audit_stamp { + struct timespec64 ctime; /* time of syscall entry */ + unsigned int serial; /* serial number for record */ +}; + /* The per-task audit context. */ struct audit_context { int dummy; /* must be the first element */ int in_syscall; /* 1 if task is in a syscall */ enum audit_state state, current_state; - unsigned int serial; /* serial number for record */ + struct audit_stamp stamp; /* event identifier */ int major; /* syscall number */ - struct timespec64 ctime; /* time of syscall entry */ unsigned long argv[4]; /* syscall arguments */ long return_code;/* syscall return code */ u64 prio; @@ -254,7 +259,7 @@ extern void audit_put_tty(struct tty_struct *tty); #ifdef CONFIG_AUDITSYSCALL extern unsigned int audit_serial(void); extern int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial); + struct audit_stamp *stamp); extern void audit_put_watch(struct audit_watch *watch); extern void audit_get_watch(struct audit_watch *watch); 
@@ -295,7 +300,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx); extern struct list_head *audit_killed_trees(void); #else /* CONFIG_AUDITSYSCALL */ -#define auditsc_get_stamp(c, t, s) 0 +#define auditsc_get_stamp(c, s) 0 #define audit_put_watch(w) do { } while (0) #define audit_get_watch(w) do { } while (0) #define audit_to_watch(k, p, l, o) (-EINVAL) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e960410cf4e4..0fef12638d8a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1700,11 +1700,11 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, context->argv[1] = a2; context->argv[2] = a3; context->argv[3] = a4; - context->serial = 0; + context->stamp.serial = 0; context->in_syscall = 1; context->current_state = state; context->ppid = 0; - ktime_get_coarse_real_ts64(&context->ctime); + ktime_get_coarse_real_ts64(&context->stamp.ctime); } /** 
@@ -2209,21 +2209,17 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); /** * auditsc_get_stamp - get local copies of audit_context values * @ctx: audit_context for the task - * @t: timespec64 to store time recorded in the audit_context - * @serial: serial value that is recorded in the audit_context + * @stamp: timestamp to record * * Also sets the context as auditable. */ -int auditsc_get_stamp(struct audit_context *ctx, - struct timespec64 *t, unsigned int *serial) +int auditsc_get_stamp(struct audit_context *ctx, struct audit_stamp *stamp) { if (!ctx->in_syscall) return 0; - if (!ctx->serial) - ctx->serial = audit_serial(); - t->tv_sec = ctx->ctime.tv_sec; - t->tv_nsec = ctx->ctime.tv_nsec; - *serial = ctx->serial; + if (!ctx->stamp.serial) + ctx->stamp.serial = audit_serial(); + *stamp = ctx->stamp; if (!ctx->prio) { ctx->prio = 1; ctx->current_state = AUDIT_STATE_RECORD; From patchwork Fri Sep 24 17:54:37 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516531 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4A397C433EF for ; Fri, 24 Sep 2021 18:21:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2D74C61164 for ; Fri, 24 Sep 2021 18:21:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348089AbhIXSXB (ORCPT ); Fri, 24 Sep 2021 14:23:01 -0400 Received: from sonic309-27.consmr.mail.ne1.yahoo.com ([66.163.184.153]:35333 "EHLO sonic309-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348077AbhIXSXB (ORCPT ); Fri, 24 Sep 2021 14:23:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1632507687; 
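Review bot: in the auditsc_get_stamp() hunk the kerneldoc now reads "@stamp: timestamp to record", but the parameter is an output that receives a copy of the context's stamp (`*stamp = ctx->stamp;`), so "@stamp: where to store the context's timestamp and serial" would match the code. Related, the new struct audit_stamp in kernel/audit.h comments ctime as "time of syscall entry", yet audit_get_stamp() in kernel/audit.c fills it from ktime_get_coarse_real_ts64() for records that have no syscall context, so "time of syscall entry, or of record creation" is the accurate description.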
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v29 24/28] Audit: Add framework for auxiliary records Date: Fri, 24 Sep 2021 10:54:37 -0700 Message-Id: <20210924175441.7943-25-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add a list for auxiliary record data to the audit_buffer structure. Add the audit_stamp information to the audit_buffer as there's no guarantee that there will be an audit_context containing the stamp associated with the event. At audit_log_end() time create auxiliary records (none are currently defined) as have been added to the list. Signed-off-by: Casey Schaufler --- kernel/audit.c | 85 ++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 75 insertions(+), 10 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 069cd4c81a61..0d4aa6667125 100644 --- a/kernel/audit.c +++ b/kernel/audit.c 
@@ -191,15 +191,25 @@ static struct audit_ctl_mutex { * should be at least that large. */ #define AUDIT_BUFSIZ 1024 +/* The audit_context_entry contains data required to create an + * auxiliary record. + */ +struct audit_context_entry { + struct list_head list; + int type; /* Audit record type */ +}; + /* The audit_buffer is used when formatting an audit record. The caller * locks briefly to get the record off the freelist or to allocate the * buffer, and locks briefly to send the buffer to the netlink layer or * to place it on a transmit queue. Multiple audit_buffers can be in * use simultaneously. */ struct audit_buffer { - struct sk_buff *skb; /* formatted skb ready to send */ - struct audit_context *ctx; /* NULL or associated context */ - gfp_t gfp_mask; + struct sk_buff *skb; /* formatted skb ready to send */ + struct audit_context *ctx; /* NULL or associated context */ + struct list_head aux_records; /* aux record data */ + struct audit_stamp stamp; /* event stamp */ + gfp_t gfp_mask; }; struct audit_reply { @@ -1753,6 +1763,7 @@ static struct audit_buffer *audit_buffer_alloc(struct audit_context *ctx, ab->ctx = ctx; ab->gfp_mask = gfp_mask; + INIT_LIST_HEAD(&ab->aux_records); return ab; @@ -1813,7 +1824,6 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { struct audit_buffer *ab; - struct audit_stamp stamp; if (audit_initialized != AUDIT_INITIALIZED) return NULL; @@ -1866,14 +1876,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, return NULL; } - audit_get_stamp(ab->ctx, &stamp); + audit_get_stamp(ab->ctx, &ab->stamp); /* cancel dummy context to enable supporting records */ if (ctx) ctx->dummy = 0; audit_log_format(ab, "audit(%llu.%03lu:%u): ", - (unsigned long long)stamp.ctime.tv_sec, - stamp.ctime.tv_nsec/1000000, - stamp.serial); + (unsigned long long)ab->stamp.ctime.tv_sec, + ab->stamp.ctime.tv_nsec/1000000, + ab->stamp.serial); return ab; } 
@@ -2363,7 +2373,7 @@ int audit_signal_info(int sig, struct task_struct *t) } /** - * audit_log_end - end one audit record + * __audit_log_end - end one audit record * @ab: the audit_buffer * * We can not do a netlink send inside an irq context because it blocks (last @@ -2371,7 +2381,7 @@ int audit_signal_info(int sig, struct task_struct *t) * queue and a kthread is scheduled to remove them from the queue outside the * irq context. May be called in any context. */ -void audit_log_end(struct audit_buffer *ab) +void __audit_log_end(struct audit_buffer *ab) { struct sk_buff *skb; struct nlmsghdr *nlh; 
@@ -2393,6 +2403,61 @@ void audit_log_end(struct audit_buffer *ab) wake_up_interruptible(&kauditd_wait); } else audit_log_lost("rate limit exceeded"); +} + +/** + * audit_log_end - end one audit record + * @ab: the audit_buffer + * + * Let __audit_log_end() handle the message while the buffer housekeeping + * is done here. + * If there are other records that have been deferred for the event + * create them here. + */ +void audit_log_end(struct audit_buffer *ab) +{ + struct audit_context_entry *entry; + struct audit_context mcontext; + struct audit_context *mctx; + struct audit_buffer *mab; + struct list_head *l; + struct list_head *n; + + if (!ab) + return; + + __audit_log_end(ab); + + if (list_empty(&ab->aux_records)) { + audit_buffer_free(ab); + return; + } + + if (ab->ctx == NULL) { + mcontext.in_syscall = 1; + mcontext.stamp = ab->stamp; + mctx = &mcontext; + } else + mctx = ab->ctx; + + list_for_each_safe(l, n, &ab->aux_records) { + entry = list_entry(l, struct audit_context_entry, list); + mab = audit_log_start(mctx, ab->gfp_mask, entry->type); + if (!mab) { + audit_panic("alloc error in audit_log_end"); + continue; + } + switch (entry->type) { + /* Don't know of any quite yet. 
*/ + default: + audit_panic("Unknown type in audit_log_end"); + break; + } + __audit_log_end(mab); + audit_buffer_free(mab); + list_del(&entry->list); + kfree(entry); + } audit_buffer_free(ab); } From patchwork Fri Sep 24 17:54:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516533 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EC0D0C433F5 for ; Fri, 24 Sep 2021 18:22:34 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C3DAD61241 for ; Fri, 24 Sep 2021 18:22:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348097AbhIXSYH (ORCPT ); Fri, 24 Sep 2021 14:24:07 -0400 Received: from sonic308-15.consmr.mail.ne1.yahoo.com ([66.163.187.38]:33992 "EHLO sonic308-15.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345076AbhIXSYG (ORCPT ); Fri, 24 Sep 2021 14:24:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1632507753; bh=14LKBDohBWZUkiLRgUbqPMHZxXFBtn3D372IN+R9v/8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=OQ4D+eVTgfHuJ51jdszFxOyIGVaRcI+AW/5lfW7SCX3EQpGNpUXFCZXSrufShHWhGWLmEPQEzBcoBSSY4RsPEK1yX/cYZYB42RzPxtYGZhpM9YTpysxDy6hSP3ThxrIz9i3xZIJtpb2SMqFGAwgOhswgiMzo8NioPAWzh/K8/XeY4Pfc6lwyp/KiePddzrYRi1/LjlnmSZOVvcU+THeOFf0U0CGy9iTajL73XOfFuVtDW/IPP35p5Y0i8NJmbbbEmM6CQVu/gB9f2wnzHbjjJvh6QwRS23OTloxNDP5hC3wFq0rEMGrK3vCGpDVYfsYevmYzSQ61KFDRYXALmApj9w== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1632507753; bh=Vop+xZxyg+eFXNP7KMxWwZ6fUcnrjBB3xFR0knrLHwQ=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; 
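Review bot: in the new audit_log_end() of patch 24/28 (hunk @@ -2393), the "if (!mab) { audit_panic(...); continue; }" path skips the list_del(&entry->list) and kfree(entry) at the bottom of the loop, so every aux entry whose record could not be started is leaked once audit_buffer_free(ab) runs afterwards; do the list_del()/kfree() before the continue, or jump to the cleanup at the end of the loop body. The message is also misleading, since audit_log_start() returns NULL for a type dropped by the exclude filter as well as on allocation failure. The default: arm has the opposite problem: after audit_panic("Unknown type in audit_log_end") it falls through to __audit_log_end(mab) and queues an empty record of the unknown type, where freeing mab without sending it would be cleaner. Finally, the on-stack "struct audit_context mcontext" only has in_syscall and stamp initialised, so any other field audit_log_start() or audit_get_stamp() reads through mctx is stack garbage, and it is a large structure for a function documented as callable from any context; a memset(&mcontext, 0, sizeof(mcontext)) or a smaller stamp-only path would be safer.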
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v29 25/28] Audit: Add record for multiple task security contexts Date: Fri, 24 Sep 2021 10:54:38 -0700 Message-Id: <20210924175441.7943-26-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Create a new audit record AUDIT_MAC_TASK_CONTEXTS. An example of the MAC_TASK_CONTEXTS (1420) record is: type=UNKNOWN[1420] msg=audit(1600880931.832:113) subj_apparmor="=unconfined" subj_smack="_" When an audit event includes a AUDIT_MAC_TASK_CONTEXTS record the "subj=" field in other records in the event will be "subj=?". A AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on a subject security context. Signed-off-by: Casey Schaufler --- include/linux/security.h | 9 ++++++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 64 ++++++++++++++++++++++++++++++++------ 3 files changed, 65 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 7096a60fbbfe..cd67d801e94c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -230,6 +230,15 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb) extern int lsm_name_to_slot(char *name); extern const char *lsm_slot_to_name(int slot); +static inline bool lsm_multiple_contexts(void) +{ +#ifdef CONFIG_SECURITY + return lsm_slot_to_name(1) != NULL; +#else + return false; +#endif +} + /** * lsmblob_value - find the first non-zero value in an lsmblob structure. * @blob: Pointer to the data diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index daa481729e9b..6a0ac60688b1 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -139,6 +139,7 @@ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ +#define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM task contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 0d4aa6667125..707689605791 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -197,6 +197,9 @@ static struct audit_ctl_mutex { struct audit_context_entry { struct list_head list; int type; /* Audit record type */ + union { + struct lsmblob mac_task_context; + }; }; /* The audit_buffer is used when formatting an audit record. The caller @@ -2139,6 +2142,21 @@ void audit_log_key(struct audit_buffer *ab, char *key) audit_log_format(ab, "(null)"); } +static int audit_add_aux_task(struct audit_buffer *ab, struct lsmblob *blob) +{ + struct audit_context_entry *ace; + + ace = kzalloc(sizeof(*ace), GFP_KERNEL); + if (!ace) + return -ENOMEM; + + INIT_LIST_HEAD(&ace->list); + ace->type = AUDIT_MAC_TASK_CONTEXTS; + ace->mac_task_context = *blob; + list_add(&ace->list, &ab->aux_records); + return 0; +} + int audit_log_task_context(struct audit_buffer *ab) { int error; 
@@ -2149,16 +2167,22 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); - if (error) { - if (error != -EINVAL) - goto error_path; + if (!lsm_multiple_contexts()) { + error = security_secid_to_secctx(&blob, &context, + LSMBLOB_FIRST); + if (error) { + if (error != -EINVAL) + goto error_path; + return 0; + } + audit_log_format(ab, " subj=%s", context.context); + security_release_secctx(&context); return 0; } - - audit_log_format(ab, " subj=%s", context.context); - security_release_secctx(&context); - return 0; + audit_log_format(ab, " subj=?"); + error = audit_add_aux_task(ab, &blob); + if (!error) + return 0; error_path: audit_panic("error in audit_log_task_context"); @@ -2419,9 +2443,12 @@ void audit_log_end(struct audit_buffer *ab) struct audit_context_entry *entry; struct audit_context mcontext; struct audit_context *mctx; + struct lsmcontext lcontext; struct audit_buffer *mab; struct list_head *l; struct list_head *n; + int rc; + int i; if (!ab) return; 
@@ -2448,7 +2475,26 @@ void audit_log_end(struct audit_buffer *ab) continue; } switch (entry->type) { - /* Don't know of any quite yet. */ + case AUDIT_MAC_TASK_CONTEXTS: + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (entry->mac_task_context.secid[i] == 0) + continue; + rc = security_secid_to_secctx( + &entry->mac_task_context, + &lcontext, i); + if (rc) { + if (rc != -EINVAL) + audit_panic("error in audit_log_end"); + audit_log_format(mab, "subj_%s=?", + lsm_slot_to_name(0)); + } else { + audit_log_format(mab, "subj_%s=%s", + lsm_slot_to_name(0), + lcontext.context); + security_release_secctx(&lcontext); + } + } + break; default: audit_panic("Unknown type in audit_log_end"); break; From patchwork Fri Sep 24 17:54:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516535 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B13FC433EF for ; Fri, 24 Sep 2021 18:23:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0EF2A6124B for ; Fri, 24 Sep 2021 18:23:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348108AbhIXSZM (ORCPT ); Fri, 24 Sep 2021 14:25:12 -0400 Received: from sonic309-27.consmr.mail.ne1.yahoo.com ([66.163.184.153]:42635 "EHLO sonic309-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345973AbhIXSZM (ORCPT ); Fri, 24 Sep 2021 14:25:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1632507818; bh=18YBw5lrrEScsVFFDKFU/jbFXs15+sxrq394imit4R8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
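Review bot: in patch 25/28's AUDIT_MAC_TASK_CONTEXTS arm of audit_log_end() (hunk @@ -2448), both audit_log_format() calls pass lsm_slot_to_name(0) although the loop variable is i, so every slot's context is labelled with the first module's name; this should be lsm_slot_to_name(i). The format strings also lack the leading space every other audit field has (compare " subj=%s" in audit_log_task_context()), so successive subj_*= fields run together after the "audit(...): " prefix and the output cannot match the 'subj_apparmor="=unconfined" subj_smack="_"' example in the commit message, which in turn shows quoted values that the %s here does not produce; use " subj_%s=%s" and " subj_%s=?" and make the example and the code agree.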
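Review bot: audit_add_aux_task() in patch 25/28 (hunk @@ -2139) allocates with a hard-coded GFP_KERNEL, but the buffer already carries the caller's allocation flags in ab->gfp_mask, which patch 24/28 uses for the aux audit_log_start(); a caller that started the buffer with GFP_ATOMIC would get a sleeping allocation from inside audit_log_task_context(). Use kzalloc(sizeof(*ace), ab->gfp_mask).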
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Subject: [PATCH v29 26/28] Audit: Add record for multiple object security contexts Date: Fri, 24 Sep 2021 10:54:39 -0700 Message-Id: <20210924175441.7943-27-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Create a new audit record AUDIT_MAC_OBJ_CONTEXTS. An example of the MAC_OBJ_CONTEXTS (1421) record is: type=UNKNOWN[1421] msg=audit(1601152467.009:1050): obj_selinux="unconfined_u:object_r:user_home_t:s0" When an audit event includes a AUDIT_MAC_OBJ_CONTEXTS record the "obj=" field in other records in the event will be "obj=?". A AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has multiple security modules that may make access decisions based on an object security context. Signed-off-by: Casey Schaufler --- include/linux/audit.h | 5 ++++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 59 ++++++++++++++++++++++++++++++++++++++ kernel/auditsc.c | 37 ++++-------------------- 4 files changed, 70 insertions(+), 32 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 418a485af114..fe7a7c9ea05a 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -187,6 +187,8 @@ extern void audit_log_path_denied(int type, extern void audit_log_lost(const char *message); extern int audit_log_task_context(struct audit_buffer *ab); +extern void audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob); extern void audit_log_task_info(struct audit_buffer *ab); extern int audit_update_lsm_rules(void); 
@@ -250,6 +252,9 @@ static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; } +static inline void audit_log_object_context(struct audit_buffer *ab, + struct lsmblob *blob); +{ } static inline void audit_log_task_info(struct audit_buffer *ab) { } diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 6a0ac60688b1..4be22169840c 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -140,6 +140,7 @@ #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ #define AUDIT_MAC_TASK_CONTEXTS 1420 /* Multiple LSM task contexts */ +#define AUDIT_MAC_OBJ_CONTEXTS 1421 /* Multiple LSM objext contexts */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 diff --git a/kernel/audit.c b/kernel/audit.c index 707689605791..1d11a47b6a2b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -199,6 +199,7 @@ struct audit_context_entry { int type; /* Audit record type */ union { struct lsmblob mac_task_context; + struct lsmblob mac_obj_context; }; }; 
@@ -2190,6 +2191,44 @@ int audit_log_task_context(struct audit_buffer *ab) } EXPORT_SYMBOL(audit_log_task_context); +void audit_log_object_context(struct audit_buffer *ab, struct lsmblob *blob) +{ + struct audit_context_entry *ace; + struct lsmcontext context; + int error; + + if (!lsm_multiple_contexts()) { + error = security_secid_to_secctx(blob, &context, LSMBLOB_FIRST); + if (error) { + if (error != -EINVAL) + goto error_path; + return; + } + audit_log_format(ab, " obj=%s", context.context); + security_release_secctx(&context); + return; + } + /* + * If there is more than one security module that has a + * object "context" it's necessary to put the object data + * into a separate record to maintain compatibility. + */ + audit_log_format(ab, " obj=?"); + ace = kzalloc(sizeof(*ace), GFP_KERNEL); + if (ace) { + INIT_LIST_HEAD(&ace->list); + ace->type = AUDIT_MAC_OBJ_CONTEXTS; + ace->mac_obj_context = *blob; + list_add(&ace->list, &ab->aux_records); + return; + } + error = -ENOMEM; + +error_path: + audit_panic("error in audit_log_object_context"); +} +EXPORT_SYMBOL(audit_log_object_context); + void audit_log_d_path_exe(struct audit_buffer *ab, struct mm_struct *mm) { @@ -2495,6 +2534,26 @@ void audit_log_end(struct audit_buffer *ab) } } break; + case AUDIT_MAC_OBJ_CONTEXTS: + for (i = 0; i < LSMBLOB_ENTRIES; i++) { + if (entry->mac_obj_context.secid[i] == 0) + continue; + rc = security_secid_to_secctx( + &entry->mac_obj_context, + &lcontext, i); + if (rc) { + if (rc != -EINVAL) + audit_panic("error in audit_log_end"); + audit_log_format(mab, "obj_%s=?", + lsm_slot_to_name(0)); + } else { + audit_log_format(mab, "obj_%s=%s", + lsm_slot_to_name(0), + lcontext.context); + security_release_secctx(&lcontext); + } + } + break; default: audit_panic("Unknown type in audit_log_end"); break; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 0fef12638d8a..7cfd0877747a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -1000,7 +1000,6 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; - struct lsmcontext lsmctx; int rc = 0; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); @@ -1010,15 +1009,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (lsmblob_is_set(blob)) { - if (security_secid_to_secctx(blob, &lsmctx, LSMBLOB_FIRST)) { - audit_log_format(ab, " obj=(none)"); - rc = 1; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(blob)) + audit_log_object_context(ab, blob); audit_log_format(ab, " ocomm="); audit_log_untrustedstring(ab, comm); audit_log_end(ab); @@ -1253,18 +1245,10 @@ static void show_special(struct audit_context *context, int *call_panic) from_kgid(&init_user_ns, context->ipc.gid), context->ipc.mode); if (osid) { - struct lsmcontext lsmcxt; struct lsmblob blob; lsmblob_init(&blob, osid); - if (security_secid_to_secctx(&blob, &lsmcxt, - LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=%u", osid); - *call_panic = 1; - } else { - audit_log_format(ab, " obj=%s", lsmcxt.context); - security_release_secctx(&lsmcxt); - } + audit_log_object_context(ab, &blob); } if (context->ipc.has_perm) { audit_log_end(ab); 
@@ -1410,19 +1394,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, from_kgid(&init_user_ns, n->gid), MAJOR(n->rdev), MINOR(n->rdev)); - if (lsmblob_is_set(&n->lsmblob)) { - struct lsmcontext lsmctx; - - if (security_secid_to_secctx(&n->lsmblob, &lsmctx, - LSMBLOB_FIRST)) { - audit_log_format(ab, " osid=?"); - if (call_panic) - *call_panic = 2; - } else { - audit_log_format(ab, " obj=%s", lsmctx.context); - security_release_secctx(&lsmctx); - } - } + if (lsmblob_is_set(&n->lsmblob)) + audit_log_object_context(ab, &n->lsmblob); /* log the audit_names record type */ switch (n->type) { From patchwork Fri Sep 24 17:54:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 12516557 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB6ADC4332F for ; Fri, 24 Sep 2021 18:24:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CC5F160F24 for ; Fri, 24 Sep 2021 18:24:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344740AbhIXS0W (ORCPT ); Fri, 24 Sep 2021 14:26:22 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com ([66.163.184.49]:34083 "EHLO sonic317-38.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348116AbhIXS0V (ORCPT ); Fri, 24 Sep 2021 14:26:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1632507887; bh=kom9XAq0ZMiGSHlADnfpA7BS/DVlZZGZ9hW1JiZKK/Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; 
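Review bot: the !CONFIG_AUDIT stub added to include/linux/audit.h in patch 26/28 (hunk @@ -250) reads "static inline void audit_log_object_context(struct audit_buffer *ab, struct lsmblob *blob); { }"; the stray ";" after the parameter list turns the body into a bare "{ }" block at file scope, so the header will not compile with audit disabled. Drop the semicolon so the stub matches the audit_log_task_info() stub right below it.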
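Review bot: the comment on the new AUDIT_MAC_OBJ_CONTEXTS define in include/uapi/linux/audit.h has a typo, "objext" for "object"; as this is a uapi header it is worth fixing before it is merged.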
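Review bot: audit_log_object_context() in kernel/audit.c (hunk @@ -2190) repeats the GFP_KERNEL allocation problem of patch 25/28's audit_add_aux_task() and otherwise duplicates that helper apart from the record type and union member; one helper taking the type and allocating with ab->gfp_mask would serve both. It also changes what callers observe: the code it replaces in kernel/auditsc.c emitted a fallback field ("obj=(none)", "osid=%u" or "osid=?") and set rc = 1 or *call_panic when security_secid_to_secctx() failed, whereas the new function returns void and, on -EINVAL, returns without logging anything, so rc in audit_log_pid_context() is now always 0 and the call_panic signal from show_special() and audit_log_name() is lost. If that change in record content is intended, the commit message should say so; otherwise the function needs a return value or should keep emitting a placeholder field.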
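Review bot: the AUDIT_MAC_OBJ_CONTEXTS arm added to audit_log_end() (hunk @@ -2495) carries the same two defects as the AUDIT_MAC_TASK_CONTEXTS arm: lsm_slot_to_name(0) should be lsm_slot_to_name(i), and the "obj_%s=%s" / "obj_%s=?" formats need a leading space so the fields do not run together. The loop body is otherwise identical to the task arm except for the union member and the subj_/obj_ prefix; a small helper taking the blob and the prefix would remove the copy and fix both places at once.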
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v29 27/28] LSM: Add /proc attr entry for full LSM context Date: Fri, 24 Sep 2021 10:54:40 -0700 Message-Id: <20210924175441.7943-28-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add an entry /proc/.../attr/context which displays the full process security "context" in compound format: lsm1\0value\0lsm2\0value\0... This entry is not writable. A security module may decide that its policy does not allow this information to be displayed. In this case none of the information will be displayed. Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: linux-api@vger.kernel.org Cc: linux-doc@vger.kernel.org --- Documentation/ABI/testing/procfs-attr-context | 14 ++++ Documentation/security/lsm.rst | 14 ++++ fs/proc/base.c | 1 + include/linux/lsm_hooks.h | 6 ++ security/apparmor/include/procattr.h | 2 +- security/apparmor/lsm.c | 8 +- security/apparmor/procattr.c | 22 +++--- security/security.c | 79 +++++++++++++++++++ security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 2 +- 10 files changed, 135 insertions(+), 15 deletions(-) create mode 100644 Documentation/ABI/testing/procfs-attr-context diff --git a/Documentation/ABI/testing/procfs-attr-context b/Documentation/ABI/testing/procfs-attr-context new file mode 100644 index 000000000000..40da1c397c30 --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-context 
@@ -0,0 +1,14 @@ +What: /proc/*/attr/context +Contact: linux-security-module@vger.kernel.org, +Description: The current security information used by all Linux + security module (LSMs) that are active on the system. + The details of permissions required to read from + this interface and hence obtain the security state + of the task identified is dependent on the LSMs that + are active on the system. + A process cannot write to this interface. + The data provided by this interface will have the form: + lsm_name\0lsm_data\0[lsm_name\0lsm_data\0]... + where lsm_name is the name of the LSM and the following + lsm_data is the process data for that LSM. +Users: LSM user-space diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst index b77b4a540391..070225ae6ceb 100644 --- a/Documentation/security/lsm.rst +++ b/Documentation/security/lsm.rst @@ -143,3 +143,17 @@ separated list of the active security modules. The file ``/proc/pid/attr/interface_lsm`` contains the name of the security module for which the ``/proc/pid/attr/current`` interface will apply. This interface can be written to. + +The infrastructure does provide an interface for the special +case where multiple security modules provide a process context. +This is provided in compound context format. + +- `lsm\0value\0lsm\0value\0` + +The `lsm` and `value` fields are NUL-terminated bytestrings. +Each field may contain whitespace or non-printable characters. +The NUL bytes are included in the size of a compound context. +The context ``Bell\0Secret\0Biba\0Loose\0`` has a size of 23. + +The file ``/proc/pid/attr/context`` provides the security +context of the identified process. diff --git a/fs/proc/base.c b/fs/proc/base.c index 65da9d2f3060..b87977f0488b 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c 
@@ -2824,6 +2824,7 @@ static const struct pid_entry attr_dir_stuff[] = { ATTR(NULL, "keycreate", 0666), ATTR(NULL, "sockcreate", 0666), ATTR(NULL, "interface_lsm", 0666), + ATTR(NULL, "context", 0444), #ifdef CONFIG_SECURITY_SMACK DIR("smack", 0555, proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index d2c4bc94d47f..f6ffe8b069e2 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1397,6 +1397,12 @@ * @pages contains the number of pages. * Return 0 if permission is granted. * + * @getprocattr: + * Provide the named process attribute for display in special files in + * the /proc/.../attr directory. Attribute naming and the data displayed + * is at the discretion of the security modules. The exception is the + * "context" attribute, which will contain the security context of the + * task as a nul terminated text string without trailing whitespace. * @ismaclabel: * Check if the extended attribute specified by @name * represents a MAC label. Returns 1 if name is a MAC diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h index 31689437e0e1..03dbfdb2f2c0 100644 --- a/security/apparmor/include/procattr.h +++ b/security/apparmor/include/procattr.h @@ -11,7 +11,7 @@ #ifndef __AA_PROCATTR_H #define __AA_PROCATTR_H -int aa_getprocattr(struct aa_label *label, char **string); +int aa_getprocattr(struct aa_label *label, char **string, bool newline); int aa_setprocattr_changehat(char *args, size_t size, int flags); #endif /* __AA_PROCATTR_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 4237536106aa..65a004597e53 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -602,6 +602,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, const struct cred *cred = get_task_cred(task); struct aa_task_ctx *ctx = task_ctx(current); struct aa_label *label = NULL; + bool newline = true; if (strcmp(name, "current") == 0) label = aa_get_newest_label(cred_label(cred)); @@ -609,11 +610,14 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, label = aa_get_newest_label(ctx->previous); else if (strcmp(name, "exec") == 0 && ctx->onexec) label = aa_get_newest_label(ctx->onexec); - else + else if (strcmp(name, "context") == 0) { + label = aa_get_newest_label(cred_label(cred)); + newline = false; + } else error = -EINVAL; if (label) - error = aa_getprocattr(label, value); + error = aa_getprocattr(label, value, newline); aa_put_label(label); put_cred(cred); diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index c929bf4a3df1..be3b083d9b74 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -20,6 +20,7 @@ * aa_getprocattr - Return the profile information for @profile * @profile: the profile to print profile info about (NOT NULL) * @string: Returns - string containing the profile info (NOT NULL) + * @newline: Should a newline be added to @string. * * Returns: length of @string on success else error on failure * 
@@ -30,20 +31,21 @@ * * Returns: size of string placed in @string else error code on failure */ -int aa_getprocattr(struct aa_label *label, char **string) +int aa_getprocattr(struct aa_label *label, char **string, bool newline) { struct aa_ns *ns = labels_ns(label); struct aa_ns *current_ns = aa_get_current_ns(); + int flags = FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED; int len; if (!aa_ns_visible(current_ns, ns, true)) { aa_put_ns(current_ns); return -EACCES; } + if (newline) + flags |= FLAG_SHOW_MODE; - len = aa_label_snxprint(NULL, 0, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(NULL, 0, current_ns, label, flags); AA_BUG(len < 0); *string = kmalloc(len + 2, GFP_KERNEL); @@ -52,19 +54,19 @@ int aa_getprocattr(struct aa_label *label, char **string) return -ENOMEM; } - len = aa_label_snxprint(*string, len + 2, current_ns, label, - FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | - FLAG_HIDDEN_UNCONFINED); + len = aa_label_snxprint(*string, len + 2, current_ns, label, flags); if (len < 0) { aa_put_ns(current_ns); return len; } - (*string)[len] = '\n'; - (*string)[len + 1] = 0; + if (newline) { + (*string)[len] = '\n'; + (*string)[++len] = 0; + } aa_put_ns(current_ns); - return len + 1; + return len; } /** diff --git a/security/security.c b/security/security.c index 96b1d9c37d49..798e887b18fe 100644 --- a/security/security.c +++ b/security/security.c 
@@ -802,6 +802,57 @@ static int lsm_superblock_alloc(struct super_block *sb) return 0; } +/** + * append_ctx - append a lsm/context pair to a compound context + * @ctx: the existing compound context + * @ctxlen: size of the old context, including terminating nul byte + * @lsm: new lsm name, nul terminated + * @new: new context, possibly nul terminated + * @newlen: maximum size of @new + * + * replace @ctx with a new compound context, appending @newlsm and @new + * to @ctx. On exit the new data replaces the old, which is freed. + * @ctxlen is set to the new size, which includes a trailing nul byte. + * + * Returns 0 on success, -ENOMEM if no memory is available. + */ +static int append_ctx(char **ctx, int *ctxlen, const char *lsm, char *new, + int newlen) +{ + char *final; + size_t llen; + size_t nlen; + size_t flen; + + llen = strlen(lsm) + 1; + /* + * A security module may or may not provide a trailing nul on + * when returning a security context. There is no definition + * of which it should be, and there are modules that do it + * each way. + */ + nlen = strnlen(new, newlen); + + flen = *ctxlen + llen + nlen + 1; + final = kzalloc(flen, GFP_KERNEL); + + if (final == NULL) + return -ENOMEM; + + if (*ctxlen) + memcpy(final, *ctx, *ctxlen); + + memcpy(final + *ctxlen, lsm, llen); + memcpy(final + *ctxlen + llen, new, nlen); + + kfree(*ctx); + + *ctx = final; + *ctxlen = flen; + + return 0; +} + /* * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and * can be accessed with: @@ -2235,6 +2286,10 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; + char *final = NULL; + char *cp; + int rc = 0; + int finallen = 0; int ilsm = lsm_task_ilsm(current); int slot = 0; 
@@ -2262,6 +2317,30 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, return -ENOMEM; } + if (!strcmp(name, "context")) { + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, + list) { + rc = hp->hook.getprocattr(p, "context", &cp); + if (rc == -EINVAL) + continue; + if (rc < 0) { + kfree(final); + return rc; + } + rc = append_ctx(&final, &finallen, hp->lsmid->lsm, + cp, rc); + kfree(cp); + if (rc < 0) { + kfree(final); + return rc; + } + } + if (final == NULL) + return -EINVAL; + *value = final; + return finallen; + } + hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c3e5fcedae0b..ec045d9e240a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6462,7 +6462,7 @@ static int selinux_getprocattr(struct task_struct *p, goto bad; } - if (!strcmp(name, "current")) + if (!strcmp(name, "current") || !strcmp(name, "context")) sid = __tsec->sid; else if (!strcmp(name, "prev")) sid = __tsec->osid; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 711fb49b4d5f..bd46921b9d28 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -3477,7 +3477,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) char *cp; int slen; - if (strcmp(name, "current") != 0) + if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0) return -EINVAL; cp = kstrdup(skp->smk_known, GFP_KERNEL);
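Review bot: in the Description of the new Documentation/ABI/testing/procfs-attr-context entry, "used by all Linux security module (LSMs)" should read "security modules (LSMs)", and the Contact line ends with a stray comma after the single list address. Suggest `Contact: linux-security-module@vger.kernel.org` and `The current security information used by all Linux security modules (LSMs) that are active on the system.`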
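Review bot: in the lsm.rst hunk the bullet `- \`lsm\0value\0lsm\0value\0\`` uses single backticks, which reStructuredText renders as interpreted text rather than a literal, while the example a few lines down uses the double-backtick literal form (``Bell\0Secret\0Biba\0Loose\0``); use double backticks in both places so the backslash-zero sequences are shown verbatim. The stated size of 23 for that example is right (5 + 7 + 5 + 6 bytes once the four NULs are counted).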
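Review bot: the new @getprocattr kerneldoc in include/linux/lsm_hooks.h promises that the "context" attribute is "a nul terminated text string", but append_ctx() in security/security.c has to bound the value with strnlen() because, per its own comment, modules "may or may not provide a trailing nul"; either make the modules honour the contract or soften the wording here so the two places agree. Also the new block runs straight into `* @ismaclabel:` without the blank ` *` line that separates the surrounding entries; add one.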
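Review bot: in security/apparmor/procattr.c, gating FLAG_SHOW_MODE on @newline couples two separate outputs: for "context" the AppArmor value loses both the newline and the mode suffix that "current" carries, yet the added kerneldoc only says `@newline: Should a newline be added to @string.` Either document that the mode is also omitted for the compound context or pass the flags choice explicitly, and rephrase the parameter line as a statement (`@newline: append a newline to @string`). The length accounting is fine: `(*string)[++len] = 0` keeps the returned size equal to the old `len + 1` when a newline is added and to the bare label length otherwise, and the `len + 2` allocation still covers both cases.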
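Review bot: the append_ctx() kerneldoc body says "appending @newlsm and @new to @ctx" but the parameter is named @lsm, which kernel-doc will flag; rename one to match. The inline comment has a stray word: "provide a trailing nul on when returning" should read "provide a trailing nul when returning". @ctxlen is `int *` while the arithmetic is done in size_t (`flen`) and assigned back with `*ctxlen = flen`; using one type avoids the implicit narrowing. The buffer logic itself holds up: the old content is copied with its terminator, the lsm name is copied with its nul, and kzalloc() supplies the nul after the value, so `*ctxlen` really does include the trailing nul as documented.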
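Review bot: the new `if (!strcmp(name, "context"))` block in security_getprocattr() ignores the @lsm argument, whereas the loop immediately after it filters on `lsm != NULL && strcmp(lsm, hp->lsmid->lsm)`; if a per-module attr directory ever gains a "context" entry, a read there would return the compound context of every module instead of that module's own. Guard the block with `lsm == NULL`, or state in the kerneldoc that "context" is only meaningful at the top level. Separately, when a hook returns 0 it is not evident from this hunk that @cp was assigned before the `append_ctx()`/`kfree(cp)` pair runs; initialising `cp` to NULL or treating `rc == 0` like `-EINVAL` would make that path unambiguous. The `return -EINVAL` when no module answered matches the all-or-nothing behaviour the commit message describes.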
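The compound format this patch exposes through /proc/pid/attr/context (lsm_name\0lsm_data\0 repeated, trailing NULs counted in the size) is easy to get wrong in user space because the values may themselves contain whitespace and the read length, not a string terminator, delimits the data. The following is an added example, not code from the patch or from the kernel tree: a user-space re-implementation of the size accounting that append_ctx() performs, plus a strict parser that rejects truncated or odd-field buffers. The sample buffer is the lsm.rst example "Bell\0Secret\0Biba\0Loose\0" (constructed data, size 23); the names ctx_append, ctx_parse, ctx_pair and build_doc_example are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One lsm/value pair decoded from a compound context. The pointers
 * point into the caller's buffer; nothing is copied. */
struct ctx_pair {
	const char *lsm;
	const char *value;
	size_t value_len;
};

/*
 * User-space analogue of the patch's append_ctx() (a re-implementation
 * written for this example, not the kernel helper): grow *ctx by
 * "lsm\0value\0". *ctxlen always counts the trailing nul. A value may
 * arrive with or without its own terminator, so strnlen() bounds it.
 * Returns 0 on success, -1 if allocation fails.
 */
static int ctx_append(char **ctx, size_t *ctxlen, const char *lsm,
		      const char *value, size_t valmax)
{
	size_t llen = strlen(lsm) + 1;           /* name plus its nul */
	size_t vlen = strnlen(value, valmax);    /* value without any nul */
	size_t flen = *ctxlen + llen + vlen + 1; /* +1: nul after value */
	char *final = calloc(1, flen);

	if (!final)
		return -1;
	if (*ctxlen)
		memcpy(final, *ctx, *ctxlen);    /* old pairs, nul included */
	memcpy(final + *ctxlen, lsm, llen);
	memcpy(final + *ctxlen + llen, value, vlen);
	free(*ctx);
	*ctx = final;
	*ctxlen = flen;
	return 0;
}

/*
 * Decode exactly len bytes of compound context into out[] (at most
 * max_pairs entries are stored, every pair is counted). Returns the pair
 * count, or -1 when the buffer is not a whole number of nul-terminated
 * lsm/value fields, e.g. a short read or a name with no value.
 */
static int ctx_parse(const char *buf, size_t len, struct ctx_pair *out,
		     int max_pairs)
{
	size_t pos = 0;
	int n = 0;

	while (pos < len) {
		const char *lsm = buf + pos;
		const char *lsm_end = memchr(lsm, '\0', len - pos);
		const char *val, *val_end;

		if (!lsm_end)
			return -1;               /* unterminated lsm name */
		pos = (size_t)(lsm_end - buf) + 1;
		if (pos >= len)
			return -1;               /* name with no value field */
		val = buf + pos;
		val_end = memchr(val, '\0', len - pos);
		if (!val_end)
			return -1;               /* unterminated value */
		if (n < max_pairs) {
			out[n].lsm = lsm;
			out[n].value = val;
			out[n].value_len = (size_t)(val_end - val);
		}
		n++;
		pos = (size_t)(val_end - buf) + 1;
	}
	return n;
}

/*
 * Build the lsm.rst example "Bell\0Secret\0Biba\0Loose\0" (constructed
 * sample data) and return its size. The second value deliberately carries
 * its own nul to exercise the strnlen() bound. Returns 0 on failure.
 */
static size_t build_doc_example(char **out)
{
	size_t len = 0;

	*out = NULL;
	if (ctx_append(out, &len, "Bell", "Secret", 6) ||
	    ctx_append(out, &len, "Biba", "Loose\0", 6)) {
		free(*out);
		*out = NULL;
		return 0;
	}
	return len; /* 23 */
}

int main(void)
{
	struct ctx_pair pairs[4];
	char *buf;
	size_t len = build_doc_example(&buf);
	int n = ctx_parse(buf, len, pairs, 4);

	printf("compound context size: %zu, pairs: %d\n", len, n);
	for (int i = 0; i < n && i < 4; i++)
		printf("  %s: %.*s\n", pairs[i].lsm,
		       (int)pairs[i].value_len, pairs[i].value);
	free(buf);
	return n == 2 ? 0 : 1;
}
```

A real reader would feed ctx_parse() the byte count returned by read() on /proc/self/attr/context rather than strlen(), since the first embedded NUL would otherwise cut the buffer after the first module name; the parser's -1 results are what a short read or a module that omitted a field would look like.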
From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, Stephen Smalley Subject: [PATCH v29 28/28] AppArmor: Remove the exclusive flag Date: Fri, 24 Sep 2021 10:54:41 -0700 Message-Id: <20210924175441.7943-29-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210924175441.7943-1-casey@schaufler-ca.com> References: <20210924175441.7943-1-casey@schaufler-ca.com> MIME-Version: 1.0 Precedence: bulk List-ID: With the inclusion of the interface LSM process attribute mechanism AppArmor no longer needs to be treated as an "exclusive" security module. Remove the flag that indicates it is exclusive. Remove the stub getpeersec_dgram AppArmor hook as it has no effect in the single LSM case and interferes in the multiple LSM case. Acked-by: Stephen Smalley Acked-by: John Johansen Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler --- security/apparmor/lsm.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 65a004597e53..15af5a5cb0c0 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -1138,22 +1138,6 @@ static int apparmor_socket_getpeersec_stream(struct socket *sock, return error; } -/** - * apparmor_socket_getpeersec_dgram - get security label of packet - * @sock: the peer socket - * @skb: packet data - * @secid: pointer to where to put the secid of the packet - * - * Sets the netlabel socket state on sk from parent - */ -static int apparmor_socket_getpeersec_dgram(struct socket *sock, - struct sk_buff *skb, u32 *secid) - -{ - /* TODO: requires secid support */ - return -ENOPROTOOPT; -} - /** * apparmor_sock_graft - Initialize newly created socket * @sk: child sock @@ -1257,8 +1241,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { #endif LSM_HOOK_INIT(socket_getpeersec_stream, apparmor_socket_getpeersec_stream), - LSM_HOOK_INIT(socket_getpeersec_dgram, - apparmor_socket_getpeersec_dgram), LSM_HOOK_INIT(sock_graft, apparmor_sock_graft), #ifdef CONFIG_NETWORK_SECMARK LSM_HOOK_INIT(inet_conn_request, apparmor_inet_conn_request), @@ -1928,7 +1910,7 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", - .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, + .flags = LSM_FLAG_LEGACY_MAJOR, .enabled = &apparmor_enabled, .blobs = &apparmor_blob_sizes, .init = apparmor_init,
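Review bot: removing apparmor_socket_getpeersec_dgram() changes what callers of the dgram peersec hook get when AppArmor is the only module: the stub returned -ENOPROTOOPT, and after this change the default from linux/lsm_hook_defs.h applies instead. The commit message says the stub "has no effect in the single LSM case"; stating the default return value there would let reviewers confirm the two are equivalent without digging it out. Dropping LSM_FLAG_EXCLUSIVE is consistent with the interface_lsm and context plumbing added in the preceding patches.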